Site at Cloudflare no longer resolving to Ghost

Out of nowhere, my site no longer resolves to my ghost domain. I changed zero settings, either at Ghost or Cloudflare.

It’s throwing a 526 (SSL) error, and ostensibly that’s the issue, but I think the problem is larger than that and has something to do with CNAME flattening at Cloudflare.

I can follow the Cloudflare/Ghost instructions (they’re the same) and it just doesn’t work, and the CNAME record on Cloudflare highlights potential issues with flattening at the third-party host (Ghost).

It looks like @yrmxjffxzn ran into the same issue, but no solution is given.

Any help is greatly appreciated, as all of a sudden my site is unreachable.

(I tried to link to things, but it kept throwing errors here :roll_eyes:)

Does it load fine on HTTPS when Cloudflare is paused?

My assumption would be your server certificate expired and you need to renew that.

with cf paused, it just shows a dns resolution error. the site is polymath dot net

I am afraid that’s an issue with the host. Keep Cloudflare paused and contact your host to clarify it and get it fixed. Once the site loads fine on HTTPS, you can unpause Cloudflare again.

You may also have wrong DNS entries, but that’s also something to clarify with your host. The naked domain cannot be a CNAME entry and will always be flattened.

That hostname points to Fastly IP addresses which return a 302 redirect to https://error.ghost.org/. Not related to Cloudflare; you likely need to take it up with the hosting provider (ghost.org I assume).

Not sure where you’re seeing a 526 error.

```
❯ curl -Ikv https://polymath.net
*   Trying 151.101.195.7:443...
* Connected to polymath.net (151.101.195.7) port 443 (#0)
* ALPN: offers h2
* ALPN: offers http/1.1
* (304) (OUT), TLS handshake, Client hello (1):
* (304) (IN), TLS handshake, Server hello (2):
* (304) (IN), TLS handshake, Unknown (8):
* (304) (IN), TLS handshake, Certificate (11):
* (304) (IN), TLS handshake, CERT verify (15):
* (304) (IN), TLS handshake, Finished (20):
* (304) (OUT), TLS handshake, Finished (20):
* SSL connection using TLSv1.3 / AEAD-CHACHA20-POLY1305-SHA256
* ALPN: server accepted h2
* Server certificate:
*  subject: CN=fallback.tls.fastly.net
*  start date: May 28 23:05:13 2023 GMT
*  expire date: Jun 27 23:05:12 2023 GMT
*  issuer: C=US; O=Certainly; CN=Certainly Intermediate R1
*  SSL certificate verify ok.
* Using HTTP2, server supports multiplexing
* Copying HTTP/2 data in stream buffer to connection buffer after upgrade: len=0
* h2h3 [:method: HEAD]
* h2h3 [:path: /]
* h2h3 [:scheme: https]
* h2h3 [:authority: polymath.net]
* h2h3 [user-agent: curl/7.86.0]
* h2h3 [accept: */*]
* Using Stream ID: 1 (easy handle 0x128014800)
> HEAD / HTTP/2
> Host: polymath.net
> user-agent: curl/7.86.0
> accept: */*
>
< HTTP/2 302
HTTP/2 302
< server: openresty
server: openresty
< content-type: text/html
content-type: text/html
< location: https://error.ghost.org/
location: https://error.ghost.org/
< ghost-cache: HIT
ghost-cache: HIT
< cache-control: no-cache, private, no-store, must-revalidate, max-stale=0, post-check=0, pre-check=0
cache-control: no-cache, private, no-store, must-revalidate, max-stale=0, post-check=0, pre-check=0
< ghost-age: 410
ghost-age: 410
< x-request-id: 19fb0fc2-7bca-486c-9725-7973541ac94d
x-request-id: 19fb0fc2-7bca-486c-9725-7973541ac94d
< accept-ranges: bytes
accept-ranges: bytes
< via: 1.1 varnish, 1.1 varnish
via: 1.1 varnish, 1.1 varnish
< date: Mon, 05 Jun 2023 06:05:47 GMT
date: Mon, 05 Jun 2023 06:05:47 GMT
< x-served-by: cache-ams12747-AMS, cache-ewr18143-EWR
x-served-by: cache-ams12747-AMS, cache-ewr18143-EWR
< x-cache: MISS, MISS
x-cache: MISS, MISS
< x-cache-hits: 0, 0
x-cache-hits: 0, 0
< x-timer: S1685945147.104438,VS0,VE93
x-timer: S1685945147.104438,VS0,VE93
< vary: Cookie
vary: Cookie
< ghost-fastly: true
ghost-fastly: true
< alt-svc: clear
alt-svc: clear
< content-length: 142
content-length: 142
```

The OP gets that error because that server is not configured for the domain.

awesome guys, thanks so much for your help. i’ll report back once i hear from ghost.

Sure, I’d first verify the DNS entries and once your host has confirmed them, they need to make sure the site is properly loading on HTTPS.

Once it does, it will also work on Cloudflare and you can unpause Cloudflare.

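An added example, not part of any post in this thread: a Python script that reads the relevant lines of the `curl -Ikv` output posted above and reports what a strict origin-certificate check (the kind behind Cloudflare's 526) would object to. The function names and the trimmed transcript are constructed here; it compares only the subject CN because that is all the transcript shows, whereas real validation uses the certificate's subject alternative names.

```python
import re
from datetime import datetime
from urllib.parse import urlsplit

# Constructed sample: the relevant lines of the curl output posted in the thread.
TRANSCRIPT = """\
❯ curl -Ikv https://polymath.net
* Server certificate:
*  subject: CN=fallback.tls.fastly.net
*  start date: May 28 23:05:13 2023 GMT
*  expire date: Jun 27 23:05:12 2023 GMT
*  SSL certificate verify ok.
< HTTP/2 302
< location: https://error.ghost.org/
< date: Mon, 05 Jun 2023 06:05:47 GMT
"""

def name_matches(pattern, host):
    """Hostname match where '*' may stand for the left-most label only."""
    p = pattern.lower().rstrip(".").split(".")
    h = host.lower().rstrip(".").split(".")
    return len(p) == len(h) and p[0] in ("*", h[0]) and p[1:] == h[1:]

def diagnose(transcript, host):
    """Return findings a strict origin check would raise for `host`."""
    def grab(rx):
        m = re.search(rx, transcript, re.M | re.I)
        return m.group(1).strip() if m else None

    findings = []
    cmd = grab(r"curl\s+(.*)$") or ""
    if re.search(r"(^|\s)-[A-Za-z]*k|--insecure", cmd):
        # -k/--insecure makes curl skip verification entirely.
        findings.append("insecure-flag: -k skips verification, 'verify ok' is not evidence")
    cn = grab(r"subject:.*?CN=([^;,\s]+)")
    if cn and not name_matches(cn, host):
        findings.append(f"name-mismatch: certificate is for {cn}, not {host}")
    expires, seen = grab(r"expire date:\s*(.+)$"), grab(r"^< date:\s*(.+)$")
    if expires and seen:
        # Compare against the server's own Date header so the result is reproducible.
        exp = datetime.strptime(expires, "%b %d %H:%M:%S %Y GMT")
        now = datetime.strptime(seen, "%a, %d %b %Y %H:%M:%S GMT")
        if exp < now:
            findings.append(f"expired: certificate expired {expires}")
    status, loc = grab(r"^< HTTP/\S+\s+(\d{3})"), grab(r"^< location:\s*(\S+)")
    if status and status[0] == "3" and loc and urlsplit(loc).hostname != host:
        findings.append(f"off-host-redirect: {status} to {loc}")
    return findings

if __name__ == "__main__":
    print("\n".join(diagnose(TRANSCRIPT, "polymath.net")))
```
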
