Enable SSL on clickfunnels


#1

Hey community,

Your fellow member is having an issue. I’m trying to enable SSL on ClickFunnels, and I followed all the instruction in their knowledge base site. I click on the Check Now button, and I get an error message stating that The SSL certificate is still being verified. I waited 72 hours, and still it’s not enable.

I contact their help desk, and they sent me the same information that I followed already. They said that I may have to contact CloudFlare support desk to get help, so now I’m reaching out to the Community to see if I can get help.

Is their a specific setup that I need to do on the DNS tab?


#2

Did you add the CNAME records as explained in the guide and moved your domain to Cloudflare’s service? (changed nameservers at your registrar?)

What does the Crypto tab show in the “SSL” box?

Do you mind sharing the domain name? (note that this is a public forum)


#3

Hi Shimi,

Yes, I did added the CNAME records as explained in the guide on https://help.clickfunnels.com/hc/en-us/articles/360005906094-Cloudflare-CNAME-Record. I even did the Redirect Rule under the “Page Rules” tab.

I bought my domain name from GoDaddy, and change the nameserver to Cloudflare service.

I created a CNAME records for “www” and pointed to “target.clickfunnels.com”, I left the Automatic TTL by defauld and clicked on Add Record. I also created another CNAME record for “@” and pointed to “www.mydomain.com”, I also left the Automatic TTL by defauld and clicked on Add Record.

I clicked on the Crypto tab, and looked at the SSL section. The Universal SSL Status shows Active Certificate, and the Full is selected.

My domain name is in the image below.

Do you have an idea of what could be wrong, or do you need any other information?


#4

Hi @wisler.andre,

I am a bit confused. It seems from your screenshot that your domain is reiexplained.com. And you say that you’ve changed the nameservers of your domain from GoDaddy to Cloudflare.

But I checked now, and both the WHOIS record and delegation from f.gtld-servers.net agree that the nameservers are:

$ dig @f.gtld-servers.net ns reiexplained.com

; <<>> DiG 9.13.5 <<>> @f.gtld-servers.net ns reiexplained.com
; (2 servers found)
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 8467
;; flags: qr rd; QUERY: 1, ANSWER: 0, AUTHORITY: 2, ADDITIONAL: 5
;; WARNING: recursion requested but not available

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;reiexplained.com.              IN      NS

;; AUTHORITY SECTION:
reiexplained.com.       172800  IN      NS      ns73.domaincontrol.com.
reiexplained.com.       172800  IN      NS      ns74.domaincontrol.com.

;; ADDITIONAL SECTION:
ns73.domaincontrol.com. 172800  IN      AAAA    2603:5:21a4::2f
ns73.domaincontrol.com. 172800  IN      A       97.74.106.47
ns74.domaincontrol.com. 172800  IN      A       173.201.74.47
ns74.domaincontrol.com. 172800  IN      AAAA    2603:5:22a4::2f

;; Query time: 93 msec
;; SERVER: 2001:503:d414::30#53(2001:503:d414::30)
;; WHEN: Mon Jan 21 07:58:44 IST 2019
;; MSG SIZE  rcvd: 185

So - NOT Cloudflare. As such, whatever DNS settings you’re doing on Cloudflare have no affect, because nobody is querying Cloudflare for their opinion.

Can you show a screenshot that demonstrates that you’ve changed the nameservers for your domain on GoDaddy’s domain registration configuration?


#5

Hi @shimi,

I was confused myself also, because I just took a screen shot of my GoDaddy nameserver where you can see the image below.

Now, today I see that it’s no longer pointing to Cloudflare. It’s back to GoDaddy as you can see below.

Should I go ahead, and put it back, or do I need to do something else, before I put the nameserver?


#6

I have no idea what caused it to change back. That should generally not happen.

Maybe you changed something else in GoDaddy, with regards to hosting for example, so they reverted the NS configuration?

Anyway, for Cloudflare to proxy your site, they need to be the nameservers, so do change it back, and monitor if it reverts (and if it does, maybe ask GoDaddy why)


#7

Okay @shimi,

I point it back to CloudFlare as you can see below.

Do you see the change is updated?


#8

Yes

$ dig @f.gtld-servers.net ns reiexplained.com

; <<>> DiG 9.13.5 <<>> @f.gtld-servers.net ns reiexplained.com
; (2 servers found)
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 3201
;; flags: qr rd; QUERY: 1, ANSWER: 0, AUTHORITY: 2, ADDITIONAL: 5
;; WARNING: recursion requested but not available

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;reiexplained.com.              IN      NS

;; AUTHORITY SECTION:
reiexplained.com.       172800  IN      NS      hank.ns.cloudflare.com.
reiexplained.com.       172800  IN      NS      iris.ns.cloudflare.com.

;; ADDITIONAL SECTION:
hank.ns.cloudflare.com. 172800  IN      A       173.245.59.116
hank.ns.cloudflare.com. 172800  IN      AAAA    2400:cb00:2049:1::adf5:3b74
iris.ns.cloudflare.com. 172800  IN      A       173.245.58.118
iris.ns.cloudflare.com. 172800  IN      AAAA    2400:cb00:2049:1::adf5:3a76

;; Query time: 49 msec
;; SERVER: 192.35.51.30#53(192.35.51.30)
;; WHEN: Mon Jan 21 17:21:51 IST 2019
;; MSG SIZE  rcvd: 185

But local resolvers may still have the old values cached for up to 2 days, as the TTL was 2 days (172800 seconds)


#9

Okay, so now I have to wait to see if it has the update?


#10

Noticed you last updated your setting 2018 years ago… you’ve had that domain a while… :slight_smile:
You can test propagation here https://dnsmap.io/#NS/

clock


#11

I check the Nameservers @Withheld and it shows a red X across all DNS servers. Does it mean that it’s still not communicating? I checked with GoDaddy and I see the Last update is current now.

@shimi, is their anything else that I need to check, because I waited 72 hours and login to my Clickfunnels account, and I still see my domain is not SSL enable. I clicked on my domain name, and Expanded the SSL section then clicked on “Check Now”, and I get this Error message.
Error

Any other ideas why this is happening?


#12

Well, I don’t know where this partial screenshot with error message is from, but as far Cloudflare are involved, it seems that your domain goes to their servers, and it seems that the servers respond with a valid certificate for your domain, and then when the request is made, something makes a redirection to https://www.clickfunnels.com - maybe not the redirect you want - but NOT an SSL problem:

$ curl -v https://reiexplained.com
*   Trying 2606:4700::6810:ec2...
* TCP_NODELAY set
* Connected to reiexplained.com (2606:4700::6810:ec2) port 443 (#0)
* ALPN, offering h2
* ALPN, offering http/1.1
* successfully set certificate verify locations:
*   CAfile: /etc/ssl/certs/ca-certificates.crt
  CApath: none
* TLSv1.3 (OUT), TLS handshake, Client hello (1):
* TLSv1.3 (IN), TLS handshake, Server hello (2):
* TLSv1.2 (IN), TLS handshake, Certificate (11):
* TLSv1.2 (IN), TLS handshake, Server key exchange (12):
* TLSv1.2 (IN), TLS handshake, Server finished (14):
* TLSv1.2 (OUT), TLS handshake, Client key exchange (16):
* TLSv1.2 (OUT), TLS change cipher, Change cipher spec (1):
* TLSv1.2 (OUT), TLS handshake, Finished (20):
* TLSv1.2 (IN), TLS handshake, Finished (20):
* SSL connection using TLSv1.2 / ECDHE-ECDSA-CHACHA20-POLY1305
* ALPN, server accepted to use h2
* Server certificate:
*  subject: C=US; ST=CA; L=San Francisco; O=CloudFlare, Inc.; CN=reiexplained.com
*  start date: Jan 15 00:00:00 2019 GMT
*  expire date: Jan 15 12:00:00 2020 GMT
*  subjectAltName: host "reiexplained.com" matched cert's "reiexplained.com"
*  issuer: C=US; ST=CA; L=San Francisco; O=CloudFlare, Inc.; CN=CloudFlare Inc ECC CA-2
*  SSL certificate verify ok.
* Using HTTP2, server supports multi-use
* Connection state changed (HTTP/2 confirmed)
* Copying HTTP/2 data in stream buffer to connection buffer after upgrade: len=0
* Using Stream ID: 1 (easy handle 0x55efac53edb0)
> GET / HTTP/2
> Host: reiexplained.com
> User-Agent: curl/7.63.0
> Accept: */*
> 
* Connection state changed (MAX_CONCURRENT_STREAMS == 256)!
< HTTP/2 302 
< date: Fri, 25 Jan 2019 07:54:03 GMT
< content-type: text/html; charset=utf-8
< set-cookie: __cfduid=d3e3351663d40999e6196753ddb348a841548402843; expires=Sat, 25-Jan-20 07:54:03 GMT; path=/; domain=.reiexplained.com; HttpOnly
< location: https://www.clickfunnels.com
< cf-cache-status: MISS
< cache-control: no-cache
< cf-ray: 49e92b6c8f0b0cbf-LHR
< access-control-allow-origin: *
< access-control-request-method: *
< expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
< request-country: XX
< request-eu: false
< status: 302 Found
< vary: Accept-Encoding
< via: 1.1 vegur
< x-frame-options: ALLOWALL
< x-powered-by: Phusion Passenger Enterprise 5.2.3
< x-rack-cache: miss
< x-request-id: 644fd81b-abe7-4385-a894-e86908788aa9
< x-runtime: 0.015689
< set-cookie: __cf_bm=aab8ff2881568b1383149924761861948fce2ae5-1548402843-1800-AQNhBZAT9UNf5Za3+KxTc6n+wNwi+XEcF8bVc9ZNs9HG2HvmdgqRHODnfa1GNrrc+h1SWxpqScB0cstaQ7vf1q4=; path=/; expires=Fri, 25-Jan-19 08:24:03 GMT; domain=.reiexplained.com; HttpOnly
< set-cookie: __cf_bm=12cebb92bad0f6925ed90cb64dd9109de83b667e-1548402843-1800-AWIwONBENwIAU32x64NKDumENCVart9yphB5ccHeiupVVISbl4OpaRgr5NAesEt3C4izZ1DJLiG7mjZb8UGY1/Q=; path=/; expires=Fri, 25-Jan-19 08:24:03 GMT; domain=.reiexplained.com; HttpOnly
< server: cloudflare
< 
* Connection #0 to host reiexplained.com left intact
<html><body>You are being <a href="https://www.clickfunnels.com">redirected</a>.</body></html>

Not only the that, it seems that the certificate was issued on January 15th already - 10 days ago.


closed #13

This topic was automatically closed after 30 days. New replies are no longer allowed.