Problem with Cloudflare activation on Bluehost

I activated Cloudflare on two domains hosted on Bluehost but they are not working. I do not know what to do to remedy the situation. The hosting provider says it is a Cloudflare issue. Email was working on the domains but nothing now. Please help! One of these sites is an ecommerce site and needs to be up for the holiday season!!


Domain name?

kachelman.com and presentlyperfect.net

presentlyperfect.net has too many redirects…
https://cf.sjr.org.uk/tools/check?33638e4de4ab4478906e2a85e1dec1fd#connection-server

Set SSL/TLS to “Full (strict)” here…
https://dash.cloudflare.com/?to=/:account/:zone/ssl-tls

kachelman.com is giving error 526, usually a problem with the SSL certificate on the origin.
https://cf.sjr.org.uk/tools/check?492df41c6d064cd4bf37bd05bb645a6d#connection-server
(also seems to have an advanced or custom edge SSL certificate?)

Thank you! Looks like that may have worked. I can now access the presently perfect site!

So are you saying that my hosting provider has to resolve that? Or is that an SSL function on Cloudflare?

The 526 error usually occurs when Cloudflare’s proxy is trying to connect to your origin, and the certificate there has a problem. (It has expired, is self-signed or something else).

If you can give the IP address for it, we can look.

I am chatting with Bluehost right now to see if they can check.

What IP address would you need?

The IP address of the actual server (the A record you have entered into Cloudflare).

Does that help??

Check with Bluehost what your web and email IP addresses should be. There’s an obvious different one there so maybe that, or all, are wrong.

I just asked them and they said they were all good. So confused!

Seems the origin has a Cloudflare certificate (likely an origin CA certificate) and returns 403 when connecting directly. Not sure why Cloudflare returns a 526 against that, it may be it’s not the correct origin CA certificate for the domain.

curl -Ivv https://123.123.123.123 -H "Host: kachelman.com" --insecure
*   Trying 123.123.123.123:443...
* Connected to 123.123.123.123 (123.123.123.123) port 443 (#0)
* ALPN, offering h2
* ALPN, offering http/1.1
* TLSv1.0 (OUT), TLS header, Certificate Status (22):
* TLSv1.3 (OUT), TLS handshake, Client hello (1):
* TLSv1.2 (IN), TLS header, Certificate Status (22):
* TLSv1.3 (IN), TLS handshake, Server hello (2):
* TLSv1.2 (IN), TLS header, Finished (20):
* TLSv1.2 (IN), TLS header, Supplemental data (23):
* TLSv1.3 (IN), TLS handshake, Encrypted Extensions (8):
* TLSv1.3 (IN), TLS handshake, Certificate (11):
* TLSv1.3 (IN), TLS handshake, CERT verify (15):
* TLSv1.3 (IN), TLS handshake, Finished (20):
* TLSv1.2 (OUT), TLS header, Finished (20):
* TLSv1.3 (OUT), TLS change cipher, Change cipher spec (1):
* TLSv1.2 (OUT), TLS header, Supplemental data (23):
* TLSv1.3 (OUT), TLS handshake, Finished (20):
* SSL connection using TLSv1.3 / TLS_AES_256_GCM_SHA384
* ALPN, server accepted to use h2
* Server certificate:
*  subject: C=US; ST=California; L=San Francisco; O=Cloudflare, Inc.; CN=sni.cloudflaressl.com
*  start date: Aug 26 00:00:00 2023 GMT
*  expire date: Aug 25 23:59:59 2024 GMT
*  issuer: C=US; O=Cloudflare, Inc.; CN=Cloudflare Inc ECC CA-3
*  SSL certificate verify result: unable to get local issuer certificate (20), continuing anyway.
* Using HTTP2, server supports multiplexing
* Connection state changed (HTTP/2 confirmed)
* Copying HTTP/2 data in stream buffer to connection buffer after upgrade: len=0
* TLSv1.2 (OUT), TLS header, Supplemental data (23):
* TLSv1.2 (OUT), TLS header, Supplemental data (23):
* TLSv1.2 (OUT), TLS header, Supplemental data (23):
* Using Stream ID: 1 (easy handle 0x562f0f24ee90)
* TLSv1.2 (OUT), TLS header, Supplemental data (23):
> HEAD / HTTP/2
> Host: kachelman.com
> user-agent: curl/7.81.0
> accept: */*
>
* TLSv1.2 (IN), TLS header, Supplemental data (23):
* TLSv1.3 (IN), TLS handshake, Newsession Ticket (4):
* TLSv1.3 (IN), TLS handshake, Newsession Ticket (4):
* old SSL session ID is stale, removing
* TLSv1.2 (IN), TLS header, Supplemental data (23):
* TLSv1.2 (OUT), TLS header, Supplemental data (23):
* TLSv1.2 (IN), TLS header, Supplemental data (23):
* TLSv1.2 (IN), TLS header, Supplemental data (23):
< HTTP/2 403
HTTP/2 403
< server: cloudflare
server: cloudflare
< date: Thu, 21 Dec 2023 20:48:49 GMT
date: Thu, 21 Dec 2023 20:48:49 GMT
< content-type: text/html
content-type: text/html
< content-length: 151
content-length: 151
< cf-ray: 8392fcf5493423e2-LHR
cf-ray: 8392fcf5493423e2-LHR
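
An added example, not part of the original thread: a Python parser that reads `curl -Ivv` output like the one above and lists the certificate conditions that fit a 526 under Full (strict). The sample text is constructed from lines shown in the post; the function names and finding codes are this example's own.

```python
import re
from datetime import datetime, timezone

# Constructed sample: certificate and Host lines copied from the curl -Ivv output above.
SAMPLE = """\
*  subject: C=US; ST=California; L=San Francisco; O=Cloudflare, Inc.; CN=sni.cloudflaressl.com
*  start date: Aug 26 00:00:00 2023 GMT
*  expire date: Aug 25 23:59:59 2024 GMT
*  issuer: C=US; O=Cloudflare, Inc.; CN=Cloudflare Inc ECC CA-3
*  SSL certificate verify result: unable to get local issuer certificate (20), continuing anyway.
> Host: kachelman.com
"""

FIELD = re.compile(r"^\*[ \t]+(subject|issuer|start date|expire date|"
                   r"SSL certificate verify result):[ \t]*(.*)$", re.M)

def parse_curl_verbose(text):
    """Collect the certificate fields and the Host header that curl printed."""
    info = {m.group(1): m.group(2).strip() for m in FIELD.finditer(text)}
    host = re.search(r"(?im)^> host:\s*(\S+)", text)
    if host:
        info["host"] = host.group(1).lower()
    return info

def cert_date(value):
    return datetime.strptime(value, "%b %d %H:%M:%S %Y GMT").replace(tzinfo=timezone.utc)

def covers(name, host):
    # Exact match, or a wildcard standing in for exactly one left-most label.
    name = name.lower()
    if name.startswith("*."):
        return host.partition(".")[2] == name[2:]
    return name == host

def origin_cert_findings(text, now):
    """Return codes for certificate conditions that fit a 526 under Full (strict)."""
    c = parse_curl_verbose(text)
    cn = re.search(r"CN=([^;]+)", c["subject"])
    checks = [
        ("not_yet_valid", now < cert_date(c["start date"])),
        ("expired", now > cert_date(c["expire date"])),
        ("self_signed", c["subject"] == c["issuer"]),
        # curl --insecure prints no SAN list, so a CN mismatch is a lead, not proof.
        ("cn_does_not_cover_host",
         bool(cn) and "host" in c and not covers(cn.group(1).strip(), c["host"])),
        # Expected for an Origin CA certificate too: only Cloudflare trusts that CA.
        ("untrusted_by_local_store", "SSL certificate verify result" in c),
    ]
    return [code for code, hit in checks if hit]
```

For a live check, pass it the verbose output of the curl command from the post and confirm any CN mismatch against the certificate's SAN list before acting on it.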

Ok. Makes me feel better because I could not figure out the situation. Need to get this resolved though. Any suggestions?

Things work direct to the origin for HTTP. While the IP address isn’t one of Cloudflare’s, a Cloudflare server is responding so likely the host is also using Cloudflare on their own IPs.

Things work for HTTP, so ask your host to check the SSL certificate on the origin is correct for your domain because it doesn’t seem to be.

curl -I http://66.235.200.146 -H "Host: kachelman.com"
HTTP/1.1 200 OK
Date: Thu, 21 Dec 2023 21:06:49 GMT
Content-Type: text/html; charset=UTF-8
Connection: keep-alive
host-header: c2hhcmVkLmJsdWVob3N0LmNvbQ==
Cache-Control: no-cache, no-store, must-revalidate
Pragma: no-cache
Expires: 0
CF-Cache-Status: MISS
Last-Modified: Thu, 21 Dec 2023 21:06:49 GMT
Accept-Ranges: bytes
Set-Cookie: _cfuvid=In8Hw.o_pvAt.Z8rycsZfElXfAgBpQfNXElKuOBeIZw-1703192809323-0-604800000; path=/; domain=.kachelman.com; HttpOnly
Server: cloudflare
CF-RAY: 8393174e0ea38926-LHR

Not sure I understand you on this one. Will reach back out to Bluehost…but they keep saying it is a Cloudflare issue

Got Bluehost to reissue an SSL…but doesn’t seem to have solved the problem

What is the ssl setting for the domain causing the issue?

With a new certificate, if tls/ssl is not set to Full (strict) it may be worth trying.
