Need Help: Domain Mapping and SSL Issues with Ghost Pro and Cloudflare

Hello everyone,

This is my first post, and I am quite new to Ghost Pro, so bear with me. 🙂

I’m currently attempting to map my existing domain, www.midsmas.com, to my new Ghost Pro blog at midsmas.ghost.io. My domain was previously connected to a WordPress blog hosted on Siteground, but I’ve decided to make a switch to Ghost.

The domain was initially purchased through Google Domains, and I followed the steps as mentioned in the Ghost help article on Google domain setup (Google domain setup). But, after learning that Google Domains doesn’t support CNAME root domain configurations and using an A record for the root domain isn’t supported either, I set up a free Cloudflare account for better flexibility, following the recommendations from the same Ghost help article.

As far as I can tell, I’ve correctly set up Cloudflare and configured everything according to this Ghost help article: Cloudflare domain setup. The “Zones” section of my Cloudflare account shows that the zone, midsmas.com, is active, and the dashboard message indicates that Cloudflare is now protecting my site.

In the “DNS” section, I’ve set up the following records:

And my Cloudflare Nameservers are:

The last recommended step is to add an MX record for my root domain for email. However, as I don’t have an email associated with midsmas.com and have no plans for setting one up soon, I haven’t done this.

Here’s my problem: Even though it’s been 24 hours since I made these changes, when I navigate to www.midsmas.com, I get an ‘Error’ page from Siteground, my previous host. Also, the free SSL certificate generated by Cloudflare doesn’t seem to be active, as Google Chrome is showing me a security error. When I check DNS propagator sites, the A record appears to have propagated, but not the CNAME record, which seems odd.

Has anyone encountered a similar problem or have any idea what might be going wrong? Any help would be greatly appreciated!

Thanks in advance,
Joe

Hi @joependlebury

Can you confirm that your issue has been resolved and that your website is up and running?

Your configuration suggests that you have an insecure, legacy encryption mode on Cloudflare and hence still an insecure site without proper encryption. In particular your naked domain seems to be insecure.

I would pause Cloudflare and make sure the site loads fine on HTTPS (in particular on the naked domain). You will have to contact your host to get this addressed.

Once the site loads fine on HTTPS, you can unpause Cloudflare again. Alternatively you could use a proxy redirect to have the naked domain already redirected on the proxies → Redirect example.com to www.example.com

The important thing is to set your encryption mode to Full Strict, as you won’t have any proper encryption with the legacy mode you currently have selected.

Yes, the site is up and running now, thank you.

Thank you, Sandro.

After following someone else’s recommendation, I set my SSL/TLS encryption mode to “Full,” and it seems to have resolved the issue for both www dot midsmas dot com and midsmas dot com. Unless you notice any problems?

Switching my setup to “Full (Strict)” successfully secured www dot midsmas dot com, but strangely, it led to a Cloudflare error page when accessing midsmas dot com (without the www).

I’m not entirely sure why this happened, though. It could be related to Ghost dot io publications or my domain registrar, Google Domains.

Please excuse my limited technical knowledge regarding domains, domain security, and SSL certificates.

As mentioned, that is a legacy mode and does not provide security. You need Full Strict.

My previous response basically covers all the steps you need to do.

Thank you once more. I truly appreciate the assistance and advice. I followed the steps provided in the helpful article you shared and successfully created a proxy redirect. As a result, I have now switched to “Full (Strict)” SSL mode. However, I’m unsure if the changes take effect immediately or require some time to propagate. I’ll check again later to ensure everything is working as expected.

The changes take effect within a few moments. If you have selected Full Strict and your site loads fine, then your site is now properly secure.
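An added example, not part of any post in this thread: Full (Strict) makes Cloudflare validate the origin's certificate, so each hostname (naked and www) has to be covered by a valid certificate at the host. The Python sketch below checks name coverage and expiry on a certificate dict shaped like `SSLSocket.getpeercert()`; the function names and the `example.com` sample certificate are constructed for illustration.

```python
import socket
import ssl
from datetime import datetime, timezone

def san_matches(pattern: str, hostname: str) -> bool:
    """Hostname match where a wildcard covers exactly one left-most label."""
    p, h = pattern.lower().rstrip("."), hostname.lower().rstrip(".")
    if p.startswith("*."):
        return "." in h and h.split(".", 1)[1] == p[2:]
    return p == h

def cert_problems(cert: dict, hostname: str, now: datetime) -> list:
    """Name and expiry checks on a dict shaped like SSLSocket.getpeercert()."""
    problems = []
    names = [v for k, v in cert.get("subjectAltName", ()) if k == "DNS"]
    if not any(san_matches(n, hostname) for n in names):
        problems.append(f"{hostname} not covered by {names}")
    expires = datetime.fromtimestamp(
        ssl.cert_time_to_seconds(cert["notAfter"]), timezone.utc)
    if expires <= now:
        problems.append(f"expired {expires:%Y-%m-%d}")
    return problems

def live_check(hostname: str, port: int = 443) -> list:
    """Run with the proxy paused so DNS points at the origin. The default
    context also verifies the chain, which cert_problems() cannot do offline."""
    ctx = ssl.create_default_context()
    try:
        with socket.create_connection((hostname, port), timeout=10) as raw:
            with ctx.wrap_socket(raw, server_hostname=hostname) as tls:
                return cert_problems(tls.getpeercert(), hostname,
                                     datetime.now(timezone.utc))
    except (ssl.SSLError, OSError) as exc:
        return [f"handshake failed: {exc}"]

# Constructed sample: an origin certificate that names only the www host.
SAMPLE = {"subjectAltName": (("DNS", "www.example.com"),),
          "notAfter": "Jan  1 00:00:00 2035 GMT"}
NOW = datetime(2024, 1, 1, tzinfo=timezone.utc)

if __name__ == "__main__":
    for host in ("www.example.com", "example.com"):
        print(host, cert_problems(SAMPLE, host, NOW) or "ok")
```

`live_check()` is the networked variant for use while Cloudflare is paused; the sample run only exercises the offline checks.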