Subdomain CNAME DNS rule fails to forward to SumUp

I have exactly the same scenario as here “Sumup - Subdomain CNAME problem” but the solution does not work.

The desired effect is to point my domain chiny·pl to my Linode VPS. At the same time, the subdomain sklep·chiny·pl should lead to SumUp webstore service.

  1. From the very start I have set up the rule exactly as in the solution suggest in the above link:
    C N A M E | sklep | shops·sumupshop·com DNS only | 5 min |

  2. And it simply won’t work, contrary to the quoted above solved topic.
    Please take a look at the outcome. After entering https://sklep·chiny·pl into my browser, I get two results:
    Chiny.pl
    or when i use this solution " Redirect all requests to a different hostname"
    I get this URL in the end:
    sumupshop.com
    but never what I should have, that is my store main page.

  3. Notably, the very same CNAME entry works perfectly when I point my domain from my ISP to Linode VPS.

Thank you,
Peter

The server at shops.sumupshop.com doesn’t have an SSL certificate for your domain and is redirecting requests to instantfwding.com which Cloudflare Access blocks for me (Radar has it is as a phishing site).

https://cf.sjr.org.uk/tools/check?4ea1cb35cdce4e0b8e6021e58894c2ea#dns

You’ll need to check there what is set up.

curl -I https://sklep.chiny.pl --insecure
HTTP/1.1 302 Found
date: Sun, 09 Jun 2024 09:17:37 GMT
server: Apache
set-cookie: __tad=1717924657.4891402; expires=Wed, 07-Jun-2034 09:17:37 GMT; Max-Age=315360000
location: http://instantfwding.com/?dn=chiny.pl&pid=7PO2UM885
content-type: text/html; charset=UTF-8
connection: close

Thank you so much!

  • Then how come the C N A M E rule works perfectly in case when it is implemented at my Linode VPS?
    Case #1: My ISP → DNS pointed at Linode → C N A M E defined in Linode Domain rules → ALL WORKS WELL
    Case #2: My ISP → DNS pointed at CF → C N A M E defined in DNS settings page → FAILURE

In such time, the SumUp server also does not have any valid certificate for chiny.pl or sklep.chiny.pl

Also, SumUp does not have any option to upload or generate a certificate.

Also, then why the user in https://community.cloudflare.com/t/sumup-subdomain-cname-problem/650010 has successfully solved the issue. He certainly was not able to generate a certificate within SumUp.

Besides, the domain is a premium name (means “china” in Polish language and I operate if for nearly 20 years. How come it has a phishing site? How I can appeal or change it?

I don’t know. All I know is what I see happen. You have set an unproxied CNAME sklep.chiny.pl at Cloudflare to shops.sumupshop.com (which resolves to
Making a request for your hostname to 103.224.182.242 returns the below.

Are you sure sumupshop.com is the correct domain? It behaves like a squatting phishing site. Check with SumUp.

curl -Ivv https://sklep.chiny.pl --insecure
*   Trying 103.224.182.242:443...
* Connected to sklep.chiny.pl (103.224.182.242) port 443 (#0)
* ALPN: offers h2,http/1.1
* (304) (OUT), TLS handshake, Client hello (1):
* (304) (IN), TLS handshake, Server hello (2):
* (304) (IN), TLS handshake, Unknown (8):
* (304) (IN), TLS handshake, Certificate (11):
* (304) (IN), TLS handshake, CERT verify (15):
* (304) (IN), TLS handshake, Finished (20):
* (304) (OUT), TLS handshake, Finished (20):
* SSL connection using TLSv1.3 / AEAD-AES256-GCM-SHA384
* ALPN: server did not agree on a protocol. Uses default.
* Server certificate:
*  subject: CN=xn--brsenforen-ecb.de
*  start date: Apr 10 08:35:01 2024 GMT
*  expire date: Jul  9 08:35:00 2024 GMT
*  issuer: C=US; O=Let's Encrypt; CN=R3
*  SSL certificate verify ok.
* using HTTP/1.x
> HEAD / HTTP/1.1
> Host: sklep.chiny.pl
> User-Agent: curl/8.1.2
> Accept: */*
>
< HTTP/1.1 302 Found
HTTP/1.1 302 Found
< date: Sun, 09 Jun 2024 09:49:47 GMT
date: Sun, 09 Jun 2024 09:49:47 GMT
< server: Apache
server: Apache
< set-cookie: __tad=1717926587.3817470; expires=Wed, 07-Jun-2034 09:49:47 GMT; Max-Age=315360000
set-cookie: __tad=1717926587.3817470; expires=Wed, 07-Jun-2034 09:49:47 GMT; Max-Age=315360000
< location: http://instantfwding.com/?dn=chiny.pl&pid=7PO2UM885
location: http://instantfwding.com/?dn=chiny.pl&pid=7PO2UM885
< content-type: text/html; charset=UTF-8
content-type: text/html; charset=UTF-8
< connection: close
connection: close

I thank you again. I am desperate here, as two issues coincide: I cannot operate my shop and use CF at the same time - and my domain is under some sort of DDOS attack and CPU usage is almost all the time at 100%. My code is clean (Laravel 10 on nginx), I even created & configured new VPS from scratch and renamed image files to throw off any possible hotlink issues.

A Hundred percent. I just copied the perfectly working C N A M E rule from my Linode, verbatim to my Cloudflare, then redirected my domain ISP nameservers to CF and here I am…

See the SumUp instructions for reference:

Thank you again.

Just to show that I am not doing any silly mistake:
Linode (working) and CF (failing) rules, screenshots:

And the working Linode CNAME entry

This topic was automatically closed 15 days after the last reply. New replies are no longer allowed.