SSL subdomain pointing to another server

Hi Cloudflare Community,

I’m am new to this ssl thing so please bear with me in my situation.

What i have:

Main Cpanel:

  1. Main Domain SSL - Main Host CPanel Installed
  2. Wild Card SSL for subdomains. - Main Host Cpanel Installed
  3. Subdomain is added in my main host cpanel.

Cloud Flare Panel:

  1. Main domain is configured correctly and working good.
  2. Several subdomains are also working good and pointed into the main host.

Situation:
I have 1 subdomain that will be hosted in a Different Host/server and they give me the IP where the subdomain should be pointed. Also they required me to provide SSL for subdomain (i presume the wildcard). I provided them the wildcard certificate and the private key. They said they have installed in their own server.

I have added an A record in the CF panel for that specific subdomain to be pointed to the NEW IP.
But after several days of waiting for the propagation to complete we are still unable to access the one that is hosted in a different server as it gives ERR_CONNECTION_TIMED_OUT.

Can you guys enlighten me about this?

Here are my CF settings:
---------------------
DNS settings:
Type: A
Name: bookings
Value: (ip the new host provided)
TTL: automatic
Status: (orange)DNS & HTTP Proxy (CDN)
------------------------------------------------
SSL/TLS settings:
SSL: Full Strict
Edge Certificates:
  Host: maindomain.com, *.maindomain.com (2hosts)
  Type: Universal (Shared)
  Certificates: 1

Custom Hostnames: None
Origin Certificates:
   Hosts: *.maindomain.com, maindomain.com (2 hosts)
   Expires On: 2034-05-07

Always Use HTTPS: ON
HTTP Strict Transport Security (HSTS): Disabled
Authenticated Origin Pulls: On
Minimum TLS Version: TLS 1.0 (default)	
Opportunistic Encryption: ON
Onion Routing: ON
TLS 1.3: Enabled	
Automatic HTTPS Rewrites: ON

Ensure that

  • there is no typo in your IP address
  • your host is accepting connections in Port 443
  • Cloudflare IPs are whitelisted
  • that there’s no rate limit.

Would you mind telling us the domain? We don’t have access to your account.

For reference

Please follow the steps in this post to solve your Problem:

The following ports are proxied by Cloudflare:

Thank you for the tips.

The main domain is cheekymonkeys.com
problematic subdomain: bookings.cheekymonkeys.com
IP to point: 18.195.25.30

First: the IP is not cofigured to be proxied by Cloudflare (:orange:) and doesnt work either
Second: i cannot connect via HTTPS using the IP, but via HTTP drectly, a trace stops after DE-CIX in FRA.

tcptraceroute -n 18.195.25.30 443
Selected device eno1, address 192.168.0.243, port 35627 for outgoing packets
Tracing the path to 18.195.25.30 on TCP port 443 (https), 30 hops max
 1  192.168.0.3  0.196 ms  0.138 ms  0.152 ms
 2  212.xxx.xxx.xxx  1.123 ms  0.885 ms  0.805 ms
 3  212.xxx.xxx.xxx  1.385 ms  1.337 ms  1.361 ms
 4  212.xxx.xxx.xxx  1.326 ms  0.932 ms  0.962 ms
 5  80.81.194.152  6.868 ms  1.096 ms  1.253 ms
 6  * * *
 7  * * *
 8  * * *
 9  * * *
10  * * *
11  * * *
12  * * *
^C

tcptraceroute -n 18.195.25.30 80
Selected device eno1, address 192.168.0.243, port 47683 for outgoing packets
Tracing the path to 18.195.25.30 on TCP port 80 (http), 30 hops max
 1  192.168.0.3  0.145 ms  0.177 ms  0.143 ms
 2  212.xxx.xxx.xxx  0.739 ms  0.596 ms  0.571 ms
 3  212.xxx.xxx.xxx  2.315 ms  1.432 ms  1.734 ms
 4  212.xxx.xxx.xxx  1.147 ms  0.954 ms  1.042 ms
 5  80.81.194.152  1.502 ms  0.692 ms  1.184 ms
 6  * * *
 7  * * *
 8  * * *
 9  * * *
10  54.239.5.174  3.037 ms  2.142 ms  2.159 ms
11  * * *
12  * * *
13  * * *
14  18.195.25.30 [open]  2.011 ms  1.877 ms  1.926 ms

Check the settings in your AWS console and ensure that your webserver accepts connections on port 443. Because bookings.cheekymonkeys.com is not configured to be proxied, this is no Cloudflare issue.

Wow Mark! Thank you so much for this.

This really enlightened this issue, as they third party host keeps pointing fingers that the error is on our end. Your reply cleared everything that the error is on their side.

Thank you so much…

This topic was automatically closed after 30 days. New replies are no longer allowed.