Domain access fail, but IP is ok

Hi there,

I’m new to CF and I think I did set up everything correct for my domain. Currently, I’m running an API server behind the domain but I cannot reach get to work. Here’s what I’ve done:

  • got certificates and put them on the server. Server itself is running Node JS scripts (all my code), tested previously with openssl self-signed certificates - https worked like a charm.
  • registered my domain on CF, set up NS records.
    when I run a simple GET request in both browser and Postman to the domain name, I always get CF’s “Web server is down”, but when I run the same requests directly to my IP address, they work fine.
    This makes me think that the SSL part is OK, but the DNS is not or at least the connection between CF and my IP address.
    I ran the diagnostic in the center and I got only " Check DS record configuration", " Check the HTTPS status" and " Check the site for mixed content".
    Additional info: When I ping my domain, it pings some CF server and ping is OK, when I ping my IP - it’s OK too.
    Port 443 on my server is OK (I can connect with a TCP client to my IP:443, connection is established)
    What or where might be the problem?

Actually, after some time of reading and tips, I found a solution to my problem. Here it is:

Unfortunately, I cannot use links here, so here’s the tip:

If you are new to Cloudflare’s HTTP, your origin web server might still have wrong configurations. Ensure that the server allows Cloudflare IP addresses access port 443. If you can’t re-configure your server/firewall to listen to port 443, try using flexible SSL instead of the Full SSL at Cloudflare.

explanation is simple, and it was my mistake. My server script was listening for HTTPS port (443), but my SSL/TLS encryption mode was set to flexible, i.e no encryption between CF proxy and my server. After I set it Full (strict), I was able to run everything, using CF’s certificates.

Request #SOLVED, #CLOSED

1 Like

This topic was automatically closed 3 days after the last reply. New replies are no longer allowed.