Error Code 1000 started happening unexpectedly

What is the name of the domain?

‘happyhorses.is’

What is the error number?

1000

What is the error message?

DNS points to prohibited IP

What is the issue you’re encountering?

Cannot reach the website.

What steps have you taken to resolve the issue?

  1. Paused Cloudflare on the site, no change.
  2. Confirmed the IPv4 address for the server in DNS A record, it is the same as it always has been.
  3. Checked registrar for the correct Cloudflare DNS servers; henry and cloe, which are correct.
  4. I checked DNS propagation, even though nothing has changed, and I see 7 IPv4 addresses returned for the domain name. Every other site I checked has 2.
  5. A DNS checker shows 7 results for this domain, every other site I checked shows 1 or 2.
  6. Google Toolbox shows 7 results for this domain, every other site I checked shows 1 or 2.

This is a new one on me. I have never seen this error before, and all settings are what they have been since the domain was added to Cloudflare. The only odd thing I see is 7 responses for DNS queries.

What feature, service or problem is this related to?

Nameservers

What are the steps to reproduce the issue?

Visit the site.

IMPORTANT! I checked one final time before submitting this report, and now the error 1000 has changed to this:
This site can’t be reached
The web page might be temporarily down or it may have moved permanently to a new web address.
ERR_QUIC_PROTOCOL_ERROR

The server is running, and monitoring software can connect to it.

Final update before submitting: Error 1000 has returned.

This appears to be rolling out across free zones at the moment and is likely not related to your issue. Several of my free zones are doing the same.

Who is your web host and what is the DNS record you are using to point to them in your Cloudflare DNS?

I own my own web hosting company. The server is a VPS with only this site on it. The IPv4 in the Cloudflare DNS A record matches the IPv4 of the server. The server is reachable via SFTP, SSH, and my VPS supplier’s console. The issues seem to be related to DNS.

HTTP requests reach your origin ok (which return a redirect to HTTPS from your origin), it is HTTPS that’s giving the error…
https://cf.sjr.dev/tools/check?828642facd3948db81f4c09db5a36771#connection-server-http

Check here for reasons other than DNS which can cause error 1000

Thank you for the tip. I did notice the SSL cert. recheck was scheduled for 31/12; however, no time is specified:

SSL/TLS encryption

Current encryption mode:

Full (strict)

The encryption mode was last changed 3 months ago.

Automatic mode enabled 3 months ago.

Next automatic scan on: 12/31.

happyhorses.is is using automatic SSL/TLS
Your encryption mode is set to Cloudflare’s recommendation. Override this by switching to custom.

Did you check the list of suggestions from the error 1000 link I gave?

My apologies for the delayed reply. I checked everything on the list that made sense, and since this happened completely unexpectedly without anyone making any known changes, I decided to focus on the only clue that I had. This was the next automatic check date for SSL from Cloudflare on 31/12.

Since the Cloudflare setting was already at the recommended setting, which was FULL (STRICT), I decided to delete the DS records at the registrar, and try experimenting with different SSL settings in Cloudflare. Unfortunately, nothing changed.

In my server control panel, I deleted the current SSL cert which, according to my control panel, expired in 30 days, and reissued it. Every time I tried to reissue the Let’s Encrypt cert, the process failed. From what I could see in the control panel, the reissue failed because the domain resolved to (what appeared to be) a Cloudflare DNS server IP address.

There is an option to “Use DNS provider to request certificate” with the description “This will allow you to request an SSL certificate through a DNS provider. You can add DNS providers to your profile.” Unfortunately, this also failed.

The final option I tried in the server control panel was “Force request (skip DNS verification).” Fortunately, this worked and the issue was immediately resolved and the site came back online.

In the end, I somehow feel that this issue will arise again when the current SSL cert expires in 90 days. While it looks like I have a workaround for whatever problem is causing this, I would prefer to determine the root cause(s) and resolve those. I have never liked the “I don’t know how I fixed it, but I fixed it” strategy.

On another note, it appears the tool you used to point me in the direction of an SSL issue is still reporting a 403 error, even though the site is working. Could that be a key to resolving this permanently?

It doesn’t really make sense. Error 1000 is specifically where your DNS records point to a Cloudflare IP address, or a request passes through the proxy twice and related issues. An origin SSL issue would give one of the 52X Cloudflare errors so I don’t know what your problem was.

There’s a few posts around that detail how to ensure HTTP-01 challenges pass through the proxy. DNS-01 challenges work fine and I prefer them (SSL-only to my origin), but I use certbot and the Cloudflare-DNS plugin at the command line rather than a control panel.
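A check for the first cause named in the reply above (a DNS record whose content is itself a Cloudflare address), as an added example that is not part of the original thread or any Cloudflare tool. The range list is a snapshot of the published list at https://www.cloudflare.com/ips-v4 and may be stale; the function names and the sample records are constructed for illustration.

```python
import ipaddress

# Snapshot of the IPv4 ranges Cloudflare publishes at https://www.cloudflare.com/ips-v4
# (assumption: may be out of date; refresh from that URL before relying on it).
CLOUDFLARE_V4 = [ipaddress.ip_network(n) for n in (
    "173.245.48.0/20", "103.21.244.0/22", "103.22.200.0/22", "103.31.4.0/22",
    "141.101.64.0/18", "108.162.192.0/18", "190.93.240.0/20", "188.114.96.0/20",
    "197.234.240.0/22", "198.41.128.0/17", "162.158.0.0/15", "104.16.0.0/13",
    "104.24.0.0/14", "172.64.0.0/13", "131.0.72.0/22",
)]


def is_cloudflare_ip(addr):
    """True if addr lies inside one of the Cloudflare ranges above."""
    ip = ipaddress.ip_address(addr)  # raises ValueError on malformed input
    return any(ip in net for net in CLOUDFLARE_V4)


def audit_a_records(records):
    """Return (name, content, reason) for every A record that cannot be an origin."""
    findings = []
    for name, rtype, content in records:
        if rtype != "A":
            continue
        try:
            if is_cloudflare_ip(content):
                findings.append((name, content, "Cloudflare address"))
        except ValueError:
            findings.append((name, content, "not a valid IP address"))
    return findings


# Constructed sample of configured record contents (hypothetical zone).
SAMPLE_RECORDS = [
    ("example.com", "A", "203.0.113.10"),       # ordinary origin address
    ("www.example.com", "A", "104.21.5.7"),     # inside 104.16.0.0/13
    ("shop.example.com", "A", "172.67.1.1"),    # inside 172.64.0.0/13
    ("old.example.com", "A", "203.0.113.300"),  # malformed
    ("example.com", "MX", "mail.example.com"),  # not an A record, skipped
]

if __name__ == "__main__":
    for finding in audit_a_records(SAMPLE_RECORDS):
        print(*finding, sep="\t")
```

Run it against the record contents configured in the zone, not against public lookups: a proxied hostname normally resolves to Cloudflare addresses from the outside.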

I agree: it doesn’t make sense. The only thing I found that even resembles a clue as to the cause, was the Cloudflare automatic SSL check scheduled for 31/12. That’s the day it happened. The setting was ‘automatic’, and the specific setting was ‘full/strict’. I am really concerned this will start happening again in 3 months, or sooner, if another Cloudflare automatic SSL check occurs. I guess I will just have to cross my fingers.
