I just added a load balancer and two servers into the pool. When adding the servers to the pool I used their IPs. This seems to work; however, the pool shows “Critical” because the SSL does not match the IP. This bugs me, so I tried to resolve it by adding two A-records, one for each server like:
I changed the IPs for these sub-domains in the pool settings. It resolves the “Critical” note on the pool status. But it instantly results in error:
Error 1000 - DNS points to prohibited IP
There are no Cloudflare IPs in my DNS for this domain and they were not moved over from anywhere else.
Probably missing something easy…
How do I get rid of that “Critical” note on pool status properly, or should I just leave the IPs there and ignore it?
Are they pointing to the same IP or a different IP?
Could you try with the option Pause Cloudflare on Site?
Therefore, re-check the DNS records to see whether they point to the correct IP address of your hosting provider or your origin host/server.
May I suggest looking here:
General Information about Error 1000
This tutorial covers Error 1000 - DNS points to prohibited IP, which looks like this:
This error is most commonly caused due to one or more DNS records in the Cloudflare dashboard pointing to a Cloudflare IP address. It can also be caused if your DNS record(s) reference another reverse proxy. In this tutorial, we will focus on fixing the most common cause, DNS records pointing to Cloudflare IPs. If you see this error, follow the steps below and do…
This could lead to a potential issue with SSL, as it looks like a deep sub-domain to me at first sight:
This tutorial covers a possible reason for the SSL_ERROR_NO_CYPHER_OVERLAP and ERR_SSL_VERSION_OR_CIPHER_MISMATCH errors (Firefox and Chrome respectively) when seen on a subdomain.
The Cloudflare universal certificates cover example.com and *.example.com. This means that it covers any subdomain one level below the domain you signed up with.
It will cover www.example.com and subdomain.example.com, as these are one level below the root domain, example.com.
The certificate will not cover www.sub…
Thank you for the suggestions and help. I added a good header value to each server in the pool and the issue with it showing critical status is now resolved.