Domain won't stay authenticated with ESP

Every day I head over to Cloudflare to change any records from “5 min.” to “auto” so that I can send with that domain with my ESP (ActiveCampaign). It authenticates with them. And, then the next day, it has reverted back to 5 min. and is no longer authenticated. This is only affecting one of my sites and not the other one (that one always stays authenticated). Why is this happening and what can I do to fix it?

This one sounds a bit strange?

The AUTO TTL is literally behind the stage the exact same as setting 5 minutes, so it shouldn’t be making a difference, at all.

Are you by maybe using Ezoic, or have been doing so in the past?

Ezoic has been known to be reverting any changes to the DNS that you make, that aren’t done through their platform.

So, if you use Ezoic, and insist on keeping to use Ezoic, then you should be making your changes to the DNS through their platform.

1 Like

I don’t use Ezoic. I know the 5 min to auto thing sounds strange. But editing those makes the domain actually authenticate with ActiveCampaign. And, that’s the only thing that changes from day to day.

1 Like

Ok, I went back and looked and ezioc is listed there. I don’t know why, though. I don’t and have never used them. What’s the best way to remove that?

1 Like

Someone, or something, with access to your Cloudflare account has been able to do that.

So I would take the steps, as if your Cloudflare account has been compromised.

Log in to your Cloudflare account, change your password, and preferably also enable two-factor authentication (2FA).

Check the "Members page, to see if you’re letting others access your account:

Check the “API Tokens” page, to see if there are any tokens you don’t use or otherwise know about:

Additionally, you would also want to check the “DNS Records” page, and remove any record(s) you don’t use or otherwise know about:

Once you’ve been through it all, the problem should have been resolved.

1 Like

I suspect it’s not the best way, but the brute force way is to change your password and API key & tokens. When ezoic was added to the site, that information was needed for them to integrate. If you’re not aware of them and do not use ezoic, the brute force way may be the best approach. Warning, ezoic may be used under the hood by your web developer, so you may want to be aware of what they provide in order to consider how it may impact your site, Ezoic

1 Like

This topic was automatically closed 15 days after the last reply. New replies are no longer allowed.