Service not available - test1.bungalow5.com


Hello,

I am receiving the error above when trying to access test1.bungalow.com. I have an A record (proxied) called “test1” with the IP of the AWS instance attached to it. We also have a wildcard record *.bungalwo5.com set up.

Please advise ASAP.

Thanks,

Antoine

Your domain is not active on Cloudflare, so no Cloudflare DNS servers are involved. Did you activate your domain on Cloudflare by changing your DNS servers from Route 53?

% dig +short ns bungalow.com
ns-125.awsdns-15.com.
ns-1887.awsdns-43.co.uk.
ns-631.awsdns-14.net.
ns-1176.awsdns-19.org.

Actually, reading your message again you have several domains listed. What is the domain name you are having issues with? bungalwo5.com, bungalow5.com or bungalow.com?

1 Like

Thanks for the prompt feedback. I am having issues with bungalow5.com.

The 503 is coming from your origin server:

Can you provide a screenshot of the wildcard? I’m not able to see any DNS results for such a wildcard.

Are the nameservers on the DNS tab of your Dashboard:

plato.ns.cloudflare.com.
april.ns.cloudflare.com.

Yes, you are correct, those are the nameservers.

See the wildcard cert screenshot below.

A wildcard cert and a wildcard DNS entry are two different things. Without a DNS record users cannot resolve hostnames.

Be aware that only the Enterprise plan can proxy wildcard DNS records, so the certificate is not relevant for wildcard DNS entries.

I can’t see the screenshots. Also, is there another option besides the enterprise plan? Couldn’t I add an entry for each site?

Yes, that should work just fine. It is only Wildcard DNS entries that will not work.

Just remember that a wildcard certificate only covers one level of labels in a DNS name, so subdomain.example.com will be fine, but www.subdomain.example.com will not be covered by a certificate for *.example.com.
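The one-label rule from the reply above, as an added example that is not part of the original thread: a small matcher that checks hostnames against a certificate's SAN entries. The SAN list and the function names are constructed for illustration, and partial-label wildcards such as `f*.example.com` are treated as literals for simplicity.

```python
# Added example (not from the thread): which hostnames a certificate's
# SAN entries cover, using the "wildcard = exactly one leftmost label" rule.

def _labels(name):
    """Normalise a DNS name: drop a trailing dot, lowercase, split on dots."""
    return name.rstrip(".").lower().split(".")

def san_matches(pattern, hostname):
    """Return True if one SAN entry covers the hostname."""
    p, h = _labels(pattern), _labels(hostname)
    if len(p) != len(h):
        # "*" stands for exactly one label, so label counts must be equal.
        return False
    if p[0] == "*":
        # Require a parent of at least two labels (rejects "*.com") and a
        # non-empty leftmost label in the hostname being checked.
        return len(p) >= 3 and h[0] != "" and p[1:] == h[1:]
    return p == h

def covered_by(sans, hostname):
    """Return the first SAN entry that covers hostname, or None."""
    for san in sans:
        if san_matches(san, hostname):
            return san
    return None

# Constructed SAN list: an apex name plus a one-level wildcard.
SANS = ["bungalow5.com", "*.bungalow5.com"]

if __name__ == "__main__":
    for host in ["bungalow5.com", "test1.bungalow5.com",
                 "www.test1.bungalow5.com", "TEST1.bungalow5.com."]:
        match = covered_by(SANS, host)
        print(f"{host:28} -> {match or 'NOT COVERED'}")
```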

I was able to view the screenshots, I see what you mean now.

I should be able to make a single entry for the site, correct?

So instead of using the *.bungalow5.com, couldn’t I just use test1.bungalow5.com?

Yes. I much prefer not using wildcard DNS so as not to get flooded by bots.

And looking at your current certificates, I’m not sure why you need ACM, as it covers the exact same hostnames as the free Universal cert.

1 Like

Thanks sdayman! I was trying to get a cert I could download so was trying it out.

However, I already have an entry labeled “test1” in my DNS currently and I still get the error.

Do I need to add the FQDN “test1.bungalow5.com” for it to be viewed by users?

You can’t download ACM edge certs. Only Origin certs.

test1 resolves:

At this point, you should set ‘test1’ to DNS Only and see if you can get that loading with HTTPS.

If necessary, you can generate the above-mentioned Origin cert and install it on the server. Your browser will throw a warning about the cert, but you can view it to ensure it’s the one you generated, then click on through that warning to the site.

Yes, I wasn’t aware the edge cert couldn’t be downloaded. But if I went the origin cert route, would every user who viewed the site get the initial cert warning? If so, is there a way to avoid this?

Origin certs are only for Proxied hostnames.

Thanks for all your help! Turned out to be an NGINX issue.

Final Question, I turned on ACM to try and get a wildcard cert, but clearly, I don’t need it.

I don’t see a way to turn it off in the console. So am I paying monthly for the cert I created or for the ACM service which allows me to create the certs? If it’s the cert I’m paying monthly for, does deleting the cert cancel the monthly fee?

Check under your profile (upper right corner of dashboard) and check Billing → Subscriptions. It might have a Cancel link for ACM. Otherwise, take a closer look in the SSL/TLS section for a way to turn it off.

Awesome…thanks!

Another issue though. Now that I have added the proxy back to the test1 entry, users are getting “Too many redirects” (myself included). I have cleared my browser data and still get the same error.

Any idea why this would be occurring all of a sudden? We did update the NGINX config, could that be the cause?

Thanks,

Antoine

That error is almost always caused by a mismatch between your SSL Mode and the Origin’s HTTP behaviour.

The best solution is to ensure you have a valid SSL certificate on your Origin, and then set your SSL Mode to Full (Strict).

2 Likes
