SSL at Weebly Not Working due to Hidden AAAA Record Here

ssl

#1

Greetings! I have my website at Weebly and am trying to set up the SSL secure certificate for it there.

One of the requirements Weebly has in order to make a site secure is that there NOT be any AAAA DNS record for the site. Weebly is explicit about that.

Here on CloudFlare I have double checked the DNS entry and there is definitely no AAAA record. However, I have read here in the forums that CloudFlare behind the scenes creates an invisible AAAA record and that there is no way to undo that.

How can I make the Weebly site secure if they require no AAAA record? Is there any way to disable the AAAA record for my site entry here, so I can get the Weebly site secure?

Thanks!


#2

There is no hidden AAAA Record. ipv6 is enabled by default and therefore your domain is resolving on 2 v4 and two v6 adresses. IPv6 can only be disabled via the API, not from your dashboard. (See “the “Network” section.

Quote:

Why can’t I turn off IPv6?
At Cloudflare we believe in being good to the Internet and good to our customers. By moving on from the legacy world of IPv4-only to the modern-day world where IPv4 and IPv6 are treated equally, we believe we are doing exactly that. In the Cloudflare dashboard, IPv6 is no longer something you can toggle on and off, it’s always just on. However, if you need to turn off IPv6 (and say goodbye to the modern internet), you may still do so using the Cloudflare API.

https://api.cloudflare.com/#zone-settings-change-ipv6-setting


#3

I don’t believe I can do anything to insert an API in between Weebly’s interface and the CloudFlare system, can I? Are you saying that I need to personally convince Weebly to change their entire interface so that it uses this API in situations where it is interfacing with CloudFlare?


#4

Are you referring to this page?

If it’s a :grey: cloud (sub)domain, Cloudflare doesn’t automatically create AAAA records. Just don’t add any yourself, or delete them if you did, and you’ll be fine.


#5

Dear Mnordhoff -

If you look at the previous post by MarkMeyer, you’ll see the problem. It’s not that I added an AAAA record. It’s that the functionality of the AAAA record is built into the way Cloudflare works. There’s nothing I can delete. I can’t impact the way that is presented to Weebly. My only hope, it seems, is to present my case to the Weebly team and hope they change the way they interface with Cloudflare. I’m not sure they’ll consider that to be a high priority.

Unless anybody has any other ideas?

Right now in my Weebly interface I just get an error message. They won’t proceed with the secure site option until there are zero AAAA records showing up.


#6

No need to. You can trigger the API from everywhere, even from your local host. You just need to execute the call once to disable IPv6 for your zone.

Though I can’t follow Weebly’s arguments. According to them IPv6 is weakening the internet…


#7

I won’t begin to try to guess why Weebly has this restriction built into its code. It could simply be they built the code a while ago and don’t feel like getting around to editing it :).

I admit I don’t know how to trigger an API. Are there instructions somewhere on how to do that? I code in ASP classic (speaking of building code a while ago) and could easily insert some lines into a script and run that from one of my servers, if that’s what needs to be done.


#8

This is probably a stupid question, but did you try and fail? Or are you just worrying preemptively?


#9

thedaveCA - the only stupid question is an unasked question :).

Yes, I tried and failed. What happens right now is, in the Weebly interface, I press the button to activate the secure site. It then pops up an error message saying I need to delete the AAAA record. It won’t let me progress any further. There isn’t any other option to do anything else.


#10

Here’s the actual pop-up window that appears on Weebly when I press the button to enable the secure site. The top half of this error window just has text you can email to your DNS people to tell them to remove the AAAA record for you. Your only option is to close the error window.


#11

Well then. Try and error. @mnordhoff pointed you into a direction. The following may work:

Set your dns records to :grey: and wait until the TTL has expired. Careful. Set the TTL for your :grey: record as low as possible.

Activate SSL at Weebly and publish your site and check if SSL works. After that set your SSL settings here at least to “Full” and your records back to :orange:

I’ve no clue what they are doing. Either they don’t support IPv6 at all or someone there’s just lazy or what ever.


#12

Without knowing why Weebly requires zero AAAA records, I’m not sure I want to risk the website’s traffic by trying to sneak it through without an AAAA record for ten minutes and then popping the AAAA back in after that.

If the real legitimate fix is to actually (in essence) remove that AAAA record permanently, as they requested, with a one-time API command, I’d rather do that. I just need to know how to do that.


#13

Here’s the API command @MarkMeyer referenced earlier:
https://api.cloudflare.com/#zone-settings-change-ipv6-setting

I believe the Zone Identifier shows up in the URL of your Cloudflare Dashboard when changing your site’s settings. It’s the long string of numbers.


#14

Dear Sdayman -

Yes, I have the code and the zone identifier. What I don’t know is how to actually run an API. I do a lot of coding in ASP Classic, for example, so I know how to write and run a script on an IIS webserver. But I don’t have any idea how to “run” that provided block of API code.

Is it something I could somehow execute from an ASP script?

I tried googling it and didn’t come back with anything I understood.


#15

I run my API commands from UNIX command line using curl, pretty much a cut and paste from the API docs, but changing the long keys. You can do this from anywhere, including your web server if you have command line access (and curl).


#16

Are you iranean


#17

Sdayman -

I’ll see if I can download curl. I do have Windows command line access and will see what I can do with that. Thanks. I didn’t know these could work from a command line; I thought they were web scripts of some sort.


#18

nassertorfinezhadian -

Do you mean Iranian as in from Iran? Ummm, no. I’m in Massachusetts.


#19

By this address is ?


#20

The website address, which I’m helping a friend with, is -