Followed DNS settings suggestion in a previous post, and now the site won't load

I followed the solution in a previous post (Neither www.example.com or example.com work - DNS issue), and now the current DNS settings are preventing my website from loading.

I was trying to implement the following:

  • Redirect everything to https://www.ukfirecalculator.com, going to https://ukfirecalculator.com takes visitors to https://www.ukfirecalculator.com.

Please could someone advise on how to resolve this issue?

Some more information, since it won’t let me edit the initial post.

I have a redirect rule set up, exactly as outlined here:

https://developers.cloudflare.com/rules/url-forwarding/single-redirects/examples/#redirect-all-requests-to-a-different-hostname

…This redirects all traffic going to example.com, to go to www.example.com instead.

Currently, any traffic going to example.com redirects to www.example.com. However, any traffic going to www.example.com presents me with the following Cloudflare error page (HTTP Status Code 522):

Help and guidance much appreciated, thank you.

When you pause Cloudflare are you able to reach your site?

I’ve paused Cloudflare.
Do I now just try and visit the website IP Address directly?

No. You still need to use your domain name. It will resolve to your server IP while Cloudflare is paused.

Ok,
www.example.com works.
whereas just example.com times out.

You will need a valid IP on the apex name if you want it to be able to reach your server. You can use the dummy IP on www to make sure that it only reaches the Cloudflare proxy. You need to swap the real IP and the dummy IP.

The website is hosted in Microsoft Azure.
The website in Microsoft Azure shows an IP Address of, for example, 123.456.78.9.
If I go directly to the IP Address (123.456.78.9), I get a Microsoft Azure 404 page…seen below:

Where do I get a valid IP Address from?

From the name that was working. That is what I meant by:

That is expected behavior since you aren’t sending a HOST header when you attempt to access directly by IP. That won’t work with name-based virtual hosting.

Swap the IPs between the two A records.

Apologies, I do not understand what you mean (I have zero knowledge of DNS).

You are telling me that the solution is to swap the IP addresses (presumably you mean between the two A records that I have configured?).

Sorry, just re-read what you wrote.
Swapping the A record IP addresses now.

I’ve swapped the IP Addresses of the two A Records.
Now neither of the domains work.

Next steps?

Both load fine from here. You don’t have any active redirect from www to the naked domain, though. I thought configuring that was your underlying motivation. You will need to set up the corresponding redirect if that is what you want.

See example two for more detail.

I’ve set this up already. How do you know that it isn’t working? Here is the configuration of the redirect rule for sending example.com to www.example.com. Is this not correct?

That rule is from your apex to www and testing indicates that it isn’t active.

I was providing details on redirecting the other way, but as long as both are proxied, and the hostname that you want to use as the canonical name (e.g. the preferred name) points to your origin server IP, you should be fine as long as the right redirect rule is active.

You can see below that the redirection is not happening. Note the HTTP/2 200 response rather than a 301.

% curl -Iiv https://ukfirecalculator.com/ 
*   Trying [2606:4700:3034::6815:3a57]:443...
* Connected to ukfirecalculator.com (2606:4700:3034::6815:3a57) port 443 (#0)
* ALPN: offers h2,http/1.1
* TLSv1.3 (OUT), TLS handshake, Client hello (1):
*  CAfile: /etc/ssl/certs/ca-certificates.crt
*  CApath: /etc/ssl/certs
* TLSv1.3 (IN), TLS handshake, Server hello (2):
* TLSv1.3 (IN), TLS handshake, Encrypted Extensions (8):
* TLSv1.3 (IN), TLS handshake, Certificate (11):
* TLSv1.3 (IN), TLS handshake, CERT verify (15):
* TLSv1.3 (IN), TLS handshake, Finished (20):
* TLSv1.3 (OUT), TLS change cipher, Change cipher spec (1):
* TLSv1.3 (OUT), TLS handshake, Finished (20):
* SSL connection using TLSv1.3 / TLS_AES_256_GCM_SHA384
* ALPN: server accepted h2
* Server certificate:
*  subject: CN=ukfirecalculator.com
*  start date: Jan 27 18:31:45 2024 GMT
*  expire date: Apr 26 18:31:44 2024 GMT
*  subjectAltName: host "ukfirecalculator.com" matched cert's "ukfirecalculator.com"
*  issuer: C=US; O=Google Trust Services LLC; CN=GTS CA 1P5
*  SSL certificate verify ok.
* using HTTP/2
* h2h3 [:method: HEAD]
* h2h3 [:path: /]
* h2h3 [:scheme: https]
* h2h3 [:authority: ukfirecalculator.com]
* h2h3 [user-agent: curl/7.88.1]
* h2h3 [accept: */*]
* Using Stream ID: 1 (easy handle 0x5af978fa90)
> HEAD / HTTP/2
> Host: ukfirecalculator.com
> user-agent: curl/7.88.1
> accept: */*
> 
* TLSv1.3 (IN), TLS handshake, Newsession Ticket (4):
* TLSv1.3 (IN), TLS handshake, Newsession Ticket (4):
* old SSL session ID is stale, removing
< HTTP/2 200 
HTTP/2 200 
< date: Wed, 14 Feb 2024 21:33:32 GMT
date: Wed, 14 Feb 2024 21:33:32 GMT
< content-type: text/html; charset=utf-8
content-type: text/html; charset=utf-8
< cache-control: no-cache, no-store
cache-control: no-cache, no-store
< pragma: no-cache
pragma: no-cache
< set-cookie: .AspNetCore.Antiforgery.RtGCWVXC8-4=CfDJ8C7B4lk9vYRAuoQNpQu6IxoPOrMwqgQRkoJWicWIWXbNn3oRbdPx04n5QR1ubv386sBEUe0U0jebH6GyFYUUfmErJGPgvPz2yY4H4Cy7fV1mkCIimyzVEtMmqz2w0l-ZFyDa29VL4kGRPsHNHAebqOI; path=/; samesite=strict; httponly
set-cookie: .AspNetCore.Antiforgery.RtGCWVXC8-4=CfDJ8C7B4lk9vYRAuoQNpQu6IxoPOrMwqgQRkoJWicWIWXbNn3oRbdPx04n5QR1ubv386sBEUe0U0jebH6GyFYUUfmErJGPgvPz2yY4H4Cy7fV1mkCIimyzVEtMmqz2w0l-ZFyDa29VL4kGRPsHNHAebqOI; path=/; samesite=strict; httponly
< set-cookie: .AspNetCore.Mvc.CookieTempDataProvider=; expires=Thu, 01 Jan 1970 00:00:00 GMT; path=/; samesite=lax; httponly
set-cookie: .AspNetCore.Mvc.CookieTempDataProvider=; expires=Thu, 01 Jan 1970 00:00:00 GMT; path=/; samesite=lax; httponly
< strict-transport-security: max-age=2592000
strict-transport-security: max-age=2592000
< request-context: appId=cid-v1:38801575-97d1-4e1a-9c24-d39320e67ce8
request-context: appId=cid-v1:38801575-97d1-4e1a-9c24-d39320e67ce8
< x-frame-options: SAMEORIGIN
x-frame-options: SAMEORIGIN
< cf-cache-status: DYNAMIC
cf-cache-status: DYNAMIC
< report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=ZYXunWWGRnxaDJWkP9CPfTs27oum6WmAOEo6Y%2FO9i6pSYLPPG0LdC0mHjq7iyc5g9wHmESqYODUWDZQBfVjAW1L3WLRopn3XnD%2FOoywr89UVebRMN54wxJ1lnJwwff2kIjdzX3qD5RIx7Cs7A%2Bm%2BzSWZgA%3D%3D"}],"group":"cf-nel","max_age":604800}
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=ZYXunWWGRnxaDJWkP9CPfTs27oum6WmAOEo6Y%2FO9i6pSYLPPG0LdC0mHjq7iyc5g9wHmESqYODUWDZQBfVjAW1L3WLRopn3XnD%2FOoywr89UVebRMN54wxJ1lnJwwff2kIjdzX3qD5RIx7Cs7A%2Bm%2BzSWZgA%3D%3D"}],"group":"cf-nel","max_age":604800}
< nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
< server: cloudflare
server: cloudflare
< cf-ray: 85586e131e708393-SEA
cf-ray: 85586e131e708393-SEA
< alt-svc: h3=":443"; ma=86400
alt-svc: h3=":443"; ma=86400
...
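The check described in the post above (a 3xx status with a Location on the canonical hostname, versus the 200 shown in the output), as an added example that is not part of the original thread. The function name `check_redirect` and both header samples are constructed for illustration; against a live site the input would come from `curl -sI https://<host>/`.

```sh
#!/bin/sh
# Added example: classify response headers (plain `curl -sI` output or the
# "< "-prefixed lines from `curl -v`) as a working or missing redirect.
# Usage: curl -sI https://example.com/ | check_redirect www.example.com
check_redirect() {
    expected_host=$1
    # Strip CRs and the verbose "< " prefix so both output styles parse.
    headers=$(tr -d '\r' | sed 's/^< //')
    # First status line, e.g. "HTTP/2 301" or "HTTP/1.1 200 OK".
    status=$(printf '%s\n' "$headers" | awk '/^HTTP\//{print $2; exit}')
    # First Location header; header names are case-insensitive.
    location=$(printf '%s\n' "$headers" |
        awk 'tolower($1)=="location:"{print $2; exit}')
    case $status in
        301|302|307|308) ;;
        *) echo "no-redirect (status ${status:-none})"; return 1 ;;
    esac
    # Host part of the Location URL: drop the scheme, then any port or path.
    loc_host=$(printf '%s' "$location" |
        sed -e 's|^[a-zA-Z]*://||' -e 's|[/:].*$||')
    if [ "$loc_host" = "$expected_host" ]; then
        echo "redirect-ok ($status -> $location)"
    else
        echo "redirect-wrong-target ($status -> ${location:-none})"
        return 1
    fi
}

# Constructed sample: verbose-style headers with a 200, as seen in the thread.
SAMPLE_NO_REDIRECT='< HTTP/2 200 
< date: Wed, 14 Feb 2024 21:33:32 GMT
< server: cloudflare'

# Constructed sample: what an active apex-to-www redirect rule would return.
SAMPLE_REDIRECT='HTTP/2 301 
location: https://www.example.com/
server: cloudflare'

printf '%s\n' "$SAMPLE_NO_REDIRECT" | check_redirect www.example.com || true
printf '%s\n' "$SAMPLE_REDIRECT" | check_redirect www.example.com
```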

That’s weird, because it’s enabled:

What are the names of the two Cloudflare nameservers shown in your Cloudflare dashboard?

Thanks, that is what I see published in your DNS. That is good.

clyde.ns.cloudflare.com.
daisy.ns.cloudflare.com.

Have you tried a trace yet?

The trace comes back with an HTTP status 200.