HSTS error but SSL and HSTS are enabled

Hello, i have searched for solutions before posting my problem here (nothing helped)

I accidentally deleted all files on my domain, after that my website is inaccessible (i removed it from panel and added again)
Also changed SSL, re-enabled HSTS and re-issued certificates

Also image from browser:

That error indicates that you are using a Cloudflare Origin certificate on a hostname which is :grey: on the DNS dashboard. Set it to :orange:, and make sure your SSL mode is set to Full (Strict) on the SSL/TLS tab on the dashboard.

1 Like

I cannot find any :grey: in DNS tab

I’m not seeing a certificate error for your domain, but www returns a 503 error, so the site is not working as expected.

The ftp, mail, pop and smtp names need to be :grey: or they will not work. Also, you have two MX records pointing at the same origin, so you should delete the one with priority 20.

How i can change status of record?

I don’t know how to do that and I’m not seeing any :grey: here

Please help :sob:

Go here: https://dash.cloudflare.com/?to=/:account/:zone/dns

I already, i don’t see any :grey: on that page, also i can’t change status of record

I don’t know how to do that, that’s my problem

What i actually see, is:

Then I believe the DNS resolver used by your ISP has outdated information.

Change it to something like or


I’ve added new domain with hosting panel, also added it on cloudflare, created new ssl and applied it to domain
After 2 days:

Website was working normally hour ago

Looks good to me.

You may have a locally cached DNS entry, or have gone :grey: briefly during your testing.

FYI: You need to set your HSTS max-age to 1 year to add to the HSTS preload list.
And the DNS entries for ftp, pop, mail and smtp need to have their proxy status set to DNS Only :grey: or those protocols will not work.


Ok, will try that, thanks

Oh, i’ve checked website from mobile, i have cached DNS because website works normally on other devices, i’m right?

For me it seems something is wrong with your NameServer propagation:

Somewhere its:


and somewhere:

Thats why everyone here and every test is inconsistent as everyone could technically use different NameServer as they are not fully propagated or not correct propagated


for me the same error appears as for me I do get the russian NameServer and therefore its showing the CloudFlare Origin Cert which is not valid publicly.