`Https://1.1.1.1/help` vs `Https://one.one.one.one/help`

Eth0 · August 6, 2023, 5:19pm

Can anyone at cloudflare confirm a discreprency. I have noticed during testing.

When I navigate to:
https://cloudlfare-dns.com/help

This dns record will resolve in the browser to:
https://one.one.one.one/help

The ssl cert on the 2 above urls show a cert that seems unusual. Which brings in question the result is actually reaching the intended origin. The common name on the cert is awkard one.one.one no organization and has a cert issued by a google CA . This is what I would like to confirm with maybe the cloudflare team.

https://one.one.one.one/help/#eyJpc0NmIjoiWWVzIiwiaXNEb3QiOiJZZXMiLCJpc0RvaCI6Ik5vIiwicmVzb2x2ZXJJcC0xLjEuMS4xIjoiWWVzIiwicmVzb2x2ZXJJcC0xLjAuMC4xIjoiWWVzIiwicmVzb2x2ZXJJcC0yNjA2OjQ3MDA6NDcwMDo6MTExMSI6Ik5vIiwicmVzb2x2ZXJJcC0yNjA2OjQ3MDA6NDcwMDo6MTAwMSI6Ik5vIiwiZGF0YWNlbnRlckxvY2F0aW9uIjoiTEFYIiwiaXNXYXJwIjoiTm8iLCJpc3BOYW1lIjoiQ2xvdWRmbGFyZSIsImlzcEFzbiI6IjEzMzM1In0=

In contrast to when you run the same tool with a different url:
https://1.1.1.1/help

The ssl cert is different showing a digcert CA and the cert seems to be more completely filled out. Although after the service runs through the test , they both show going to the same data center. Producing the same copy and past output above.

Also on a last note occasionally the services above will not work properly as it hangs in the AS name & number search process. After several refreshes it will usually begin to work again.

Thanks for any information you could provide.

oneandonlyjason · August 6, 2023, 7:58pm

Cloudflare uses different CAs for their Certificates Certificate authorities · Cloudflare SSL/TLS docs

The Certificate on 1.1.1.1 is a Older Certificate that still uses Digicerts as a CA. All the Digicert Certificates are getting deprecated when they need to renew. one.one.one.one already has a newer Certificate. Most newer Certificates are signed from Google Trust Services.

I cant really help with the other Points tho

anb · August 7, 2023, 6:00pm

Hi @Eth0,

Thank you for raising it up, which is a valid concern. I can confirm these requests reached our origin server. The background information is, that we are cleaning and reorganize some of our resources, so changes like this are expected, as long as it still works for your use case.

Please let us know if you have other concerns.

system · September 6, 2023, 6:00pm

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.