How can I remove IPv6 addresses?

Hi,

How can I remove IPv6 entries from my domain https://www.whatsmydns.net/#AAAA/toonetcreation.com ?

Because I see this: Screenshot by Lightshot

Thanks
L.

May I ask why you would like to do so?
Even if your origin server just has an IPv4 you can keep Cloudflare supporting an IPv4 for the connection between the client and Cloudflare, but an IPv4 for Cloudflare to the origin.

But if you really need to disable it, it works via the API: How to disable IPv6 Compatibility? - #2 by cs-cf

1 Like

My host provider asked me to do that because:

So I asked my host provider and they said that does not work because there are IPv6 addresses on my DNS zone.
But from my DNS zone I could not see any IPv6 added (AAAA entries).

But if you look here https://www.whatsmydns.net/#AAAA/toonetcreation.com you see IPv6

Maybe you have another or better idea?

That should make no difference. I would be ~100% sure it is unrelated to IPv6.

How is your cPanel creating the DNS entries in Cloudflare? Or is it just creating “local” DNS entries that the rest of the world does not know about?

This can happen for a number of reasons, usually because the location on your webserver where Let’s Encrypt are looking for the file is not the same place where the certbot or similar tool has placed the file. (Like separate httpdocs and httpsdocs, with users accessing httpsdocs due to Full SSL mode, but certbot is dropping the file into httpdocs)

Perhaps the easiest solution is to use a Cloudflare Origin Certificate. As the hostname is :orange: you only need it trusted by Cloudflare, so an Origin CA cert is fine.

https://developers.cloudflare.com/ssl/origin-configuration/origin-ca

2 Likes

I will ask my host provider and come back to you.

If I use a Cloudflare Origin Certificate, do I need to use/generate a Let’s Encrypt certificate from my host provider's cPanel?

I received feedback from my host provider and they said:

If you use Cloudflare’s DNS servers, cPanel’s DNS records are ignored.
Our DNS zone is not used in this case.
At least A entry of the domain must point to our servers so Let’s Encrypt can validate during generation.
If the main domain and www records point to our servers, without proxyification, that shouldn’t be a problem.
However, if you still encounter a blocking issue, it must occur at the Cloudflare level.
However, since we don’t know their restrictions, we won’t be able to give you more information.

OK. From what they are saying dns-01 will not work.

http-01 should also work, but as I said, it depends on how your Origin is set up. Essentially you need to know if the http and https versions of your Origin server use the same directories, or are they two separate directories? Any tool doing ACME http-01 will drop a file into <webroot>/.well-known/acme-challenge/. As you have SSL Mode set to Full this will only work if webroot is the same for both HTTP and HTTPS traffic to your Origin.

You can enter a page rule for toonetcreation.com/.well-known/acme-challenge to set the SSL Mode to Flexible, which may resolve your issue. That Page Rule should be at the very top of the list of Page Rules.

1 Like
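The webroot mismatch described in the reply above can be reproduced offline. This is an added example, not code from the thread or from any ACME client: two local static servers stand in for the origin's port-80 and port-443 virtual hosts (both plain HTTP here, since only the document root matters), and the names `probe`, `serve` and `simulate` are hypothetical.

```python
import functools, http.server, secrets, tempfile, threading
import urllib.error, urllib.request
from pathlib import Path

CHALLENGE_DIR = ".well-known/acme-challenge"
# Ignore proxy environment variables so the local fetches go direct.
OPENER = urllib.request.build_opener(urllib.request.ProxyHandler({}))

class QuietHandler(http.server.SimpleHTTPRequestHandler):
    def log_message(self, *args):  # keep request logging off the console
        pass

def serve(docroot):
    """Start a static file server for docroot on a free local port."""
    handler = functools.partial(QuietHandler, directory=str(docroot))
    srv = http.server.ThreadingHTTPServer(("127.0.0.1", 0), handler)
    threading.Thread(target=srv.serve_forever, daemon=True).start()
    return srv, f"http://127.0.0.1:{srv.server_address[1]}"

def probe(write_root, base_urls):
    """Write a random probe file where an http-01 client would put its
    challenge, then report for each base URL whether it serves that file."""
    token, body = secrets.token_urlsafe(16), secrets.token_urlsafe(32)
    target = Path(write_root) / CHALLENGE_DIR / token
    target.parent.mkdir(parents=True, exist_ok=True)
    target.write_text(body)
    results = {}
    try:
        for name, base in base_urls.items():
            try:
                with OPENER.open(f"{base}/{CHALLENGE_DIR}/{token}", timeout=5) as r:
                    results[name] = r.read().decode() == body
            except urllib.error.URLError:  # includes HTTP 404
                results[name] = False
    finally:
        target.unlink()  # never leave the probe behind
    return results

def simulate(shared_docroot):
    """Constructed scenario: two vhosts with one shared or two separate docroots."""
    with tempfile.TemporaryDirectory() as a, tempfile.TemporaryDirectory() as b:
        http_root, https_root = a, (a if shared_docroot else b)
        (s1, u1), (s2, u2) = serve(http_root), serve(https_root)
        try:
            return probe(http_root, {"http_vhost": u1, "https_vhost": u2})
        finally:
            for s in (s1, s2):
                s.shutdown()
                s.server_close()
```

On a real origin, `probe()` would be given the actual webroot and the origin's own `http://` and `https://` base URLs instead of the simulated ones.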

Let me check with my host and I will come back to you :wink:

Hello,

I had some feedback from my host provider.
HTTP and HTTPS are using the same directory, for instance /public_html/ (where the website is stored)

Another point, they told me this:

However you still have IPv6 addresses in your domain’s DNS zone, so this has nothing to do with the server configuration on our side.

Any idea?

Any idea or suggestion?

Have you tried Let’s Debug?

1 Like

No, I didn’t.
I will check, thanks :wink:

After some tests, it works fine now; I have added an autodiscover entry to my DNS zone.

1 Like