I changed to DNS-only then my site begins serving invalid SSL certificate

I changed from “DNS & HTTP Proxy” mode (orange cloud icon) to DNS-only mode (grey cloud icon) to troubleshoot something else, and then my site began serving an invalid SSL certificate!
So I quickly reinstated the orange cloud icon.

But the shared certificate feature doesn’t seem to come back…

It has been more than 10 minutes. Do I just need to wait longer? Oh wait, I just re-checked, and it seems to be back to normal.

I would like to ask whether there is a way to set DNS-only mode without losing the shared-certificate feature.

The problem I am trying to solve is that I am getting some user activity on PHPList served from my site, and the logged IPs are all Cloudflare IPs instead of the users’ ISP IPs. This is preventing me from troubleshooting something.

DNS-only mode means your server itself is serving the connections, so the certificate on it is what the browser will get. We recommend you get Let’s Encrypt if you want to use DNS-only mode, as it’s a free browser-trusted CA.

As for changing back to proxy mode, it should take only 5 minutes but your ISP and/or router might cache the DNS records more aggressively. Since it’s been 2 hours since your post it should be working now.

Thank you Judge.
Setting up Let’s Encrypt in my Plesk VPS was a snap.

Now my website can run with DNS-only mode. And I should be able to see actual user IPs being logged in PHPList. But I will no longer have the bandwidth offloading and DDoS-protection benefits of Cloudflare.

I gather that there should be ways of using Cloudflare proxy whilst allowing the server to log real visitor IPs. Is there an article for this?

Hi @darrentay,

https://support.cloudflare.com/hc/en-us/sections/200805497-Restoring-Visitor-IPs
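
An added example, not part of the thread and not Cloudflare's or PHPList's code: the trust check behind restoring visitor IPs, where the `CF-Connecting-IP` header that Cloudflare adds is used for logging only if the connection itself came from a Cloudflare address. The function names and sample requests are hypothetical, and the range list is a subset of the published ranges embedded so the code runs offline.

```python
import ipaddress

# Subset of Cloudflare's published edge ranges, embedded so the example runs
# offline. Assumption: a deployment loads the current full list from
# https://www.cloudflare.com/ips/ instead of hard-coding it.
CLOUDFLARE_RANGES = [ipaddress.ip_network(n) for n in (
    "173.245.48.0/20", "103.21.244.0/22", "141.101.64.0/18",
    "108.162.192.0/18", "162.158.0.0/15", "104.16.0.0/13",
    "172.64.0.0/13", "2606:4700::/32",
)]


def is_cloudflare_peer(remote_addr):
    """True if the TCP peer address belongs to a Cloudflare range."""
    try:
        peer = ipaddress.ip_address(remote_addr)
    except ValueError:
        return False
    return any(peer in net for net in CLOUDFLARE_RANGES
               if net.version == peer.version)


def visitor_ip(remote_addr, headers):
    """Return the address to log for a request.

    CF-Connecting-IP is honoured only when the connection itself came from
    Cloudflare; otherwise anyone reaching the origin directly could set the
    header and forge the logged address.
    """
    if not is_cloudflare_peer(remote_addr):
        return remote_addr
    # HTTP header names are case-insensitive.
    claimed = {k.lower(): v for k, v in headers.items()}.get("cf-connecting-ip", "")
    try:
        return str(ipaddress.ip_address(claimed.strip()))
    except ValueError:
        return remote_addr  # header missing or malformed: fall back to the peer


# Constructed sample requests: (peer address, request headers).
SAMPLES = [
    ("162.158.10.20", {"CF-Connecting-IP": "203.0.113.7"}),  # proxied visitor
    ("198.51.100.9", {"CF-Connecting-IP": "10.0.0.1"}),      # direct hit, forged header
    ("172.68.1.1", {"CF-Connecting-IP": "not-an-ip"}),       # malformed header
]

if __name__ == "__main__":
    for peer, hdrs in SAMPLES:
        print(peer, "->", visitor_ip(peer, hdrs))
```

Web-server modules that restore visitor IPs apply the same rule through a list of trusted proxy addresses, so that list has to be kept in step with Cloudflare's published ranges.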