Proxy status active

Hi,

I cannot access the site while proxy status is active.
Is there anyone who can help with this issue?

Domain?

btcfunds.vip

You have an incorrect DNSSEC setup and need to fix this at your registrar. Either disable DNSSEC or configure the values provided by Cloudflare.

where can i do it?

Again

Hi sandro,

There is no problem with domain and dns records. I cannot access the site only when the proxy status is activated.

A non-working DNSSEC setup is a problem with the domain and that’s what you need to fix.

It may appear that way to you as your resolver, or the ISP resolver you are using, does not validate DNSSEC. But any visitor to your website whose DNS does use DNSSEC (including anyone using Cloudflare’s 1.1.1.1, Google’s 8.8.8.8 or most other public resolvers) will not be able to reach your site so you must fix the DNSSEC issue as @Sandro says.

You can see that problem for your domain here…
https://cf.sjr.org.uk/tools/check?728aaf9d38ba4922bd119b7f70d0e8fb#resolvers

After that, check SSL/TLS is set to “Full (strict)” as you may seeing “too many redirects”. But fixing that, even if it appears to work for you, won’t fix the DNSSEC issue that will prevent most people from visiting your site.

As pointed out, either turn DNSSEC off at your registrar (Godaddy) - the easiest option for now - or enable it at Cloudflare and replace the existing DS records at Godaddy with the values given by Cloudflare here…
https://dash.cloudflare.com/?to=/:account/:zone/dns/settings

DNSSEC protects DNS records from being spoofed so by changing the DNS to Cloudflare, you need to give the nameserver above (via Godaddy) the new signature or resolvers will treat the records as if they were spoofed and so not return anything.

You configured now one additional DNSSEC entry with your registrar, which neither is a valid Cloudflare signature. You probably best disable DNSSEC altogether for now and make sure your site is generally correctly configured (such as what @sjr mentioned, making sure you use Full Strict - which is utmost important).

Once everything works fine, you can still enable DNSSEC if you want.

Thank you sandpro,

dns ok :clap:

now ERR_SSL_VERSION_OR_CIPHER_MISMATCH error
help me?

Due to the DNSSEC issue, Cloudflare couldn’t generate the SSL certificate for your site. It should happen within an hour (but can take up to 24 hours)…
https://cf.sjr.org.uk/tools/check?3cef133eeaa9461cb1329c890e2b3fa4#connection-server

All right, you do have DNSSEC fixed now, however Cloudflare now needs to issue the proxy certificates and that can take a while. Check back tomorrow and make sure your encryption mode is Full Strict in the meantime.

You can possibly speed it up by disabling Universal SSL, waiting an hour, and re-enabling it.

thank you for everything @sandro

Pleasure, but did you also verify that you are on Full Strict? If not, you’d still have no security.


Is is ok?

That is absolutely fine and your site will be secure.

1 Like