Site IP changed and DNS still not updated

I updated the A record for the website name and pointed to the new webhost IP but 30 minutes later the site still doesnt not resolve. Also cannot ping sitename.

What is the site name?

alcalaarchitecture.com

You have a DNSSEC issue…
https://cf.sjr.org.uk/tools/check?45a6be50bfc44064955e7d345d820ba6#dns

You need to either disable DNSSEC at your registrar, or enable it at Cloudflare and copy the DS records to your registrar from your dashboard here…
https://dash.cloudflare.com/?to=/:account/:zone/dns/settings

1 Like

I set up DS records as you suggested but now when I go to the website I get a https:// issue. How do I fix that?

At the moment your record is not proxied so you are seeing the SSL certificate that’s on your origin server.

That expired on 12 January so you need to get an updated SSL certificate.

curl -Ivv https:///alcalaarchitecture.com
*   Trying 35.208.202.169:443...
* Connected to alcalaarchitecture.com (35.208.202.169) port 443 (#0)
* ALPN, offering h2
* ALPN, offering http/1.1
*  CAfile: /etc/ssl/certs/ca-certificates.crt
*  CApath: /etc/ssl/certs
* TLSv1.0 (OUT), TLS header, Certificate Status (22):
* TLSv1.3 (OUT), TLS handshake, Client hello (1):
* TLSv1.2 (IN), TLS header, Certificate Status (22):
* TLSv1.3 (IN), TLS handshake, Server hello (2):
* TLSv1.2 (OUT), TLS header, Finished (20):
* TLSv1.3 (OUT), TLS change cipher, Change cipher spec (1):
* TLSv1.2 (OUT), TLS header, Certificate Status (22):
* TLSv1.3 (OUT), TLS handshake, Client hello (1):
* TLSv1.2 (IN), TLS header, Finished (20):
* TLSv1.2 (IN), TLS header, Certificate Status (22):
* TLSv1.3 (IN), TLS handshake, Server hello (2):
* TLSv1.2 (IN), TLS header, Supplemental data (23):
* TLSv1.3 (IN), TLS handshake, Encrypted Extensions (8):
* TLSv1.2 (IN), TLS header, Supplemental data (23):
* TLSv1.3 (IN), TLS handshake, Certificate (11):
* TLSv1.2 (OUT), TLS header, Unknown (21):
* TLSv1.3 (OUT), TLS alert, certificate expired (557):
* SSL certificate problem: certificate has expired
* Closing connection 0
curl: (60) SSL certificate problem: certificate has expired
More details here: https://curl.se/docs/sslcerts.html

curl failed to verify the legitimacy of the server and therefore could not
establish a secure connection to it. To learn more about this situation and
how to fix it, please visit the web page mentioned above.

Your changes to DNSSEC will take a while to propagate.

1 Like

If I proxy it will the Universal SSL cert from CF cover it?

You should not use Cloudflare to hide an expired SSL certificate since this means that connections are not secured end-to-end and you are deceiving your users into believing the connection is secure.

Fix the SSL certificate on your origin, ensure SSL/TLS is set to Full (“Strict”) on Cloudflare here…
https://dash.cloudflare.com/?to=/:account/:zone/ssl-tls
…and then you can enable the proxy.

Thank you. I updated our SSL cert and it appears to be working now.

1 Like

This topic was automatically closed 2 days after the last reply. New replies are no longer allowed.