Error403 Migrated from Wix to Shopify, now Cloudflare "headers" are preventing customers to view site

Shopify help desk answer:

I can confirm that your domain is hosted with Shopify and the DNS configurations are correct, however a SSL certificate can’t be provisioned by Shopify as there are Cloudflare headers preventing this. Only Cloudflare can remove these headers which they can do if you contact their Support team. To reach out to them you will need to make an account here so that you can create a Support Ticket but once they’ve removed that, your domain will be able to provision a SSL certificate.

How can I get this resolved?

Thanks in advance!

I’m not entirely sure I understand their reply. What “headers” specifically would prevent SSL certificate verification?

2 Likes

Hi smarsh

I have no clue. Is it possible that the problem is there because we had Wix first, using cloudflare and then migrated to Shopify who also use clouflare and there is an issue with that?

kind regards

1 Like

I chatted with Spotify again and they tell me this:

Okay, thank you. I believe this issue can be resolved by you either logging into your old Cloudflare account and removing the SSL/DNS configurations or by contacting Cloudflare support to get their help in removing the old configuration. This can not be resolved from Shopify’s side unfortunately as we do not have access to this information, it will need to be resolved directly in Cloudflare. If you have done this already, then as you mentioned yesterday was when you last edited this. I would suggest waiting another 24 - 48 hours to confirm if it has been provisioned.

Can you please find out from Shopify which Cloudflare headers are interfering? They keep saying this, but nobody can track down which headers are causing the problem.

3 Likes

Hi sdayman

I checked with Shopify and they answer me this:

Greetings, Marnik!

Lindsay here from Shopify Support. I hope this email finds you well.

I know this topic is important to you so I’ve scoured our guides/tools and would be happy to shine a light on this for you. Let’s get started!

I’ve conducted a report and can confirm that your domain is hosted with Shopify and the DNS configurations are correct. That said, my report shows that an SSL certificate can’t be provisioned by Shopify as there are Cloudflare headers preventing this. I understand that you have connected with Cloudflare and they have requested the specific headers/configurations that need to be removed. According to my research, only Cloudflare can remove and identify these headers but I was able to discover these external sites that show that Cloudflare is still interfering - feel free to share this information with the Cloudflare Support team!

Your Shopify Support response said:

Oh, so now it’s Cloudflare that told you about the header problem? Is this true?

Users can modify inbound and outbound headers at Cloudflare, but only if Shopify would be so kind as to explain which headers they keep talking about.
https://developers.cloudflare.com/rules/transform/request-header-modification
https://developers.cloudflare.com/rules/transform/response-header-modification

No, Shopify informed me about the header problem. They say that only cloudflare can check what headers need to be removed…

I have no clue about what headers I should remove, that’s why I’m looking for help.
It’s strange to me that lattemamiato.com does work but www.lattemamiato.com doesn’t.

I tried to add the outcome of using the two links I put above but I can’t post anymore posts with embeded links in them

here is the first print screen

And second

That was an unexpected twist. Your domain doesn’t even use Cloudflare DNS.

Your first screen doesn’t show any headers. Both hostnames point to that same Shopify IP address.

The Selectri test isn’t very accurate. The problem with ‘www’ is that there’s no TLS/SSL certificate for it. And it points to Shopify. Did you ever have your domain with a host that put it in Cloudflare? Wix doesn’t use Cloudflare, so it must have been someone else.

2 Likes

We only recently migrated from Wix to Shopify and we started/bought our domain with wix and now it’s hosted by Tucow’s via Shopify.

On the Shopify site it indeed says that the SSL for the www domain is pending

I adjusted your permissions a bit that may help with posting.

@user12479 your nameservers were confirmed 11/29 and you deleted the zone from your account later the same day. Unless you Add a site and add it back we cannot really help a lot with the certificate issue.

Yes, that seemed to work but then Shopify asked me to use their provided nameservers again. So I did. Now I’m confused about which ones to use

1 Like

If/when you speak with shopify can you ask them if when they say headers if they actually mean a custom hostname? This sounds like you are hitting this issue, DNS record updated with New server IP but still domain loads from old IP / Server - #2 by sdayman

If so, the community is unable to assist you with issues such as this where an old provider used Cloudflare for SaaS. When you contact shopify, ask them to remove any Cloudflare configurations for your domain, specifically SSL for SaaS / Custom Hostnames.

If they are unable to help you, please email [email protected] with the subject Cannot remove custom host name and details of the issue. Once you’ve done that you’ll receive an automatic response with a ticket number. Please post that here so we can escalate it. Once you have connected with Support on the ticket they will ask you to verify domain ownership of the domain by adding a txt record to the domain in order to verify domain ownership.

2 Likes

What do you mean exactly?

1 Like

Sorry, slippery keyboard this morning, posted before complete!

Thanks for the info!

I checked again with Shopify and they deleted the domain in the backend and had me recreate it “on the root”. the SSL pending warning is now gone and everything seems to be working.

1 Like