Hopegate.academy does not resolve to hopegate.mylearnworlds.com

I tested hopegate.academy SSL Certificate and it fails Browser Testing?

I used sslshopper.com SSL Checker.

Also if you put hopegate.academy in browser address you get 404 NOT FOUND.

www.hopegate.academy works fine and passes SSL Checker.

I am using the Cloudflare Universal SSL and www.hopegate.academy is correct but the SSL Certificate on hopegate.academy fails sslshopper.com SSL Checker as a fake Certificate.

How do I get both domains with a good Certificate that pass all browser tests.

Within the Cloudflare DNS records for Cloudflare Website “Hopegate Academy”, www.hopegate.academy is pointing to hopegate.learnworlds.com (Type CNAME Record)
and hopegate.academy points to an IP (Type A Record)

Thank you for your prompt assistance,

James Vernon

That does have multiple reasons:

  1. you are not having that DNS entry proxied (nor www) and therefore this problem:
    1.1. is not related to Cloudflare
    1.2. is not influenced by Cloudflare, as Cloudflare will work as “DNS-Only” on unproxied DNS entries.
  2. you do not have a valid SSL Cert installed, that will be served by hopegate.academy, but one that will be served when www.hopegate.academy is requested.

Nope, as your DNS entries are unproxied you do not use any Cloudflare features, beside the DNS solely

First you serve this domain on HTTP and HTTPS, so if you check with HTTP it just does not offer any (normal) but also does not redirect to HTTPS (which it should).

Checking HTTPS reveals a “Kubernetes Ingress Controller Fake Certificate” cert, which indeed is a fake cert and is not valid.

That indeed is something Cloudflare can help you with, but before proxying, please make sure that you do serve both (www and without) with valid SSL Certs before proceeding.

After this is done, switch on the proxy mode :orange: in the DNS section and use SSL Mode “Full (Strict)”. Please also be aware that Cloudflare proxy must actually be considered dangerous, as it can hide/conceal an unsafe connection and label it as “secure” while it is not. The possibility of this actually is very high, so please make sure you have valid SSL Certs before you proceed.

1 Like

Thanks Martin, your input was very helpful and I now have 2 good Certificates,SSL Checker Passes.

But hopegate.academy still gives 404 NOT FOUND but is secure. I guess this is a Learn Worlds problem.

www.hopegate.academy works fine.

Jim

No it is not, you just did, what I warned you from - your connection is “labled” as secure, while it is not. You did not follow my instructions and just turned on :orange: and put Cloudflare also in a different mode as instructed. You put it into “Flexible SSL” or “Full”, but not “Full (Strict)”.

The 404 issue is originated at your origin and does not have anything to do with Cloudflare.

I have put it to Full Strict!

Jim

Yes, now it shows the error, it should show: Invalid SSL certificate (526)

That means, you did not replace the fake SSL Cert with a proper one. Please do so, then the error goes away and your connection (and therefore the data of you users) are secure.

But you can also handle the problem like this:

  • use a PageRule to redirect from hopegate.academy to www.hopegate.academy
  • Then no one will ever be able to HIT your origin from hopegate.academy and the problem basically is fixed, as long as you use Cloudflare.

Martin, I decided not to wait for Learn Worlds to create a SSL Certificate and I created a Page Rule as you suggested.

Both domains are working now! Thank you for your assistance,

Jim

This topic was automatically closed 3 days after the last reply. New replies are no longer allowed.