Round-robin DNS unexpected https behavior with records proxied

I’m hosting a personal website, from my server side I have apache2 listening on port 80, https is not yet configured

While I had a single root A record which was proxied, https was working.
This is possible when using SSL/TLS encryption mode Flexible where Cloudflare encrypts the traffic between the client browser and Cloudflare but not between Cloudflare and the origin server

After adding another root DNS record according to the instructions on this page:

My website is no longer working, I am getting the Always Online or Connection timed out pages

I think the issue is not on my end since after disabling proxying on the two root A records the connections work and I’m getting a 403 Forbidden page (this is intentional)

Could it be that Round-robin DNS is expecting https traffic to&from the origin server? is there some configuration option that I might have missed?

Do you actually have multiple servers or why are you doing this? This seems rather unlikely for a personal website.

Can you share a screenshot of you DNS dashboard and your domain name?

Yes I do, currently I have two servers in two different locations, I’ll likely be adding a third
The domain is

This is exactly what I’m supposed to see, yes?

1 Like

Hmm yeah,
But this is what I’m getting

If you’re seeing what you’re supposed to be seeing then it might be some kind of cache problem but I’ve tried to use private windows to go around that already… I’m blaming Cloudfront or maybe even dns propagation

Because for what I’m seeing to be true both servers should be down now


But they’re not, I did some testing using curl to contact both servers directly (the same can be accomplished with /etc/hosts)

That’s the precise issue. You currently have a non-working setup and your configuration is known for this kind of issues. Make sure your servers are properly configured for SSL and have a valid certificate and it will probably work fine.

1 Like

Well it’s working now so I suppose it was some propagation issue but thanks for the advice, I’ll put a certificate when I have some time

Neither of the two addresses is providing a response and the site still does not seem to work.

Also, securing the site only takes minutes. Even if the site worked, it would be still insecure and without encryption, I am afraid.

Because I have dynamic ip addresses :laughing: I have a python script in a cron job that updates the records, I wouldn’t have left them in the open if they were static
The site is working for me now though, I’m getting the 403 page

As long as you are not on Full Strict, it’s not secure.

This topic was automatically closed 3 days after the last reply. New replies are no longer allowed.