How to delete AAAA records? I can't get an SSL certificate in the hosting panel of my hoster for a subdomain because AAAA

How to delete AAAA records? I can’t get an SSL certificate for a subdomain because AAAA records prevent it.

Hosting support said that AAAA records exist:

dig AAAA +short `idn москва.сэс.сайт`
2606:4700:3032::681b:b9d8
2606:4700:3031::681b:b8d8
2606:4700:3035::ac43:a8a2

But I can’t find them on the DNS settings page in Cloudflare.

And maybe I can get an SSL certificate in Cloudflare for free? How?

Why can’t you? AAAA records have nothing to do with certificate validation or provisioning.

I suspect your host may be a bit confused about how Cloudflare works; make sure they understand that it acts as a reverse proxy.

3 Likes

Unless you are on a paid plan you cannot remove these AAAA records. What you can do is temporarily unproxy that record (switch from :orange: to :grey:) and - assuming you do not have any AAAA records configured - that will show your actual server address. Then you can have the certificate issued and switch back again to the proxy.

However the issuance of a certificate is unrelated to any DNS records, so the AAAA records should not be a problem in the first place. You might want to clarify this with your host and they should elaborate on what exactly they believe the issue is.

Again, you best unproxy your host and have the certificate issued.

2 Likes
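
Added example, not part of the thread: a check that classifies `dig AAAA +short` output as proxied or DNS-only, run here on the three addresses quoted in the question. They fall inside Cloudflare's own address space, which is why they do not show up as records on the DNS settings page. The IPv6 ranges are an assumption taken from Cloudflare's published list (https://www.cloudflare.com/ips/), and the function names are hypothetical.

```python
import ipaddress

# Assumption: Cloudflare's published IPv6 ranges (https://www.cloudflare.com/ips/).
# Refresh from that list before relying on the result.
CLOUDFLARE_V6 = [ipaddress.ip_network(n) for n in (
    "2400:cb00::/32", "2606:4700::/32", "2803:f800::/32", "2405:b500::/32",
    "2405:8100::/32", "2a06:98c0::/29", "2c0f:f248::/32",
)]

def parse_dig_short(output):
    """Split `dig AAAA +short` output into (addresses, other_lines).

    +short may also print CNAME targets; those are kept apart, not treated
    as addresses.
    """
    addrs, other = [], []
    for line in output.splitlines():
        line = line.strip()
        if not line:
            continue
        try:
            addrs.append(ipaddress.IPv6Address(line))
        except ValueError:
            other.append(line)
    return addrs, other

def classify(output):
    """Return 'no-aaaa', 'proxied', 'dns-only' or 'mixed'."""
    addrs, _ = parse_dig_short(output)
    if not addrs:
        return "no-aaaa"
    inside = [any(a in net for net in CLOUDFLARE_V6) for a in addrs]
    if all(inside):
        return "proxied"   # answers come from the reverse proxy, not the zone
    if not any(inside):
        return "dns-only"  # the origin's own AAAA records are visible
    return "mixed"

# The dig output quoted in the question.
SAMPLE = """2606:4700:3032::681b:b9d8
2606:4700:3031::681b:b8d8
2606:4700:3035::ac43:a8a2
"""

if __name__ == "__main__":
    print(classify(SAMPLE))
```
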

Thanks for your answer!
They answered:
“In case you send the domain to our server, issue a certificate here, then turn on proxy back, you still need to install the certificate on the Cloudflare server.”

Is it right?

We just want our subdomain to work with https, not http.

Cloudflare already have a certificate in place for your subdomain:

Your Origin server is reporting a 502 error, which is most likely the reason the certificate cannot be issued, and you should direct your initial attention to clearing that 502 error.

The 502 error is caused by a problem connecting to an upstream server - meaning your server is trying to initiate a process and this fails to work as expected or times out. In most cases of 502 errors, back-end servers are not communicating correctly. When this happens, you will see a color page with Cloudflare branding and the Error 502 Bad Gateway. Review this Community Tip for fixing 502 or 504 gateway errors.

It is correct insofar as you need a certificate on the proxies as well; however, this is automatically provisioned by Cloudflare and something you usually do not need to worry about.

You need to make sure your server has a valid certificate in place. Did you manage to get this configured at this point? Did your host explain what the AAAA issue is supposed to be?

As far as I can tell your site does load now; however, it only has a self-signed certificate installed, which means your encryption mode won’t be “Full strict” but only “Full”, which is not really properly secure.

You should still get a valid certificate on your server and change to “Full strict”. If your host can’t help you here you could also get an Origin certificate from Cloudflare and configure that yourself on your server (if your host allows that).

Many thanks!

Finally my hoster said that they have connected a self-written certificate, and after that the site started working!

That’s exactly the issue I referred to. You don’t have a valid certificate on your server, hence the site won’t be fully secure. Refer back to my previous message.