Subdomain is Proxied But Cloudflare DNS Servers Still Resolving to Actual Server Address

I needed to turn off proxy for many of my sub-domains due to an issue with Let’s Encrypt certificate renewal. To speed up the process, I wrote a script that called the Cloudflare API to set the proxy=false. After all Let’s Encrypt certificates were successfully renewed, I called the Cloudflare API to set proxy=true for my sub-domains.

All of my sub-domains were successfully proxied except for Even though the dashboard shows is proxied, dig shows the actual server address rather than one of the Cloudflare servers (same if I resolve via I have tried turning off proxy for my subdomain and then turning it on without resolving the name resolution issue.

Does anyone have any ideas? I have not tried to delete and add it back again - I am concerned that the subdomain has somehow become locked.

Thanks, Norbert

Check the overview page, you likely have Cloudflare paused.

Dumb user mistake. There was a typo in the control file that was used to call the Cloudflare API. The result was that Cloudflare had proxied “” . I corrected the subdomain name and life is once again good.


@cscharff thanks for the fast response!

A summary of yesterday’s events for those interested in what happened and as a cautionary tale. I wrote a small script that used to extract the DNS information for my various zones and copied the A-record name, id, and proxy status into a flat file. Another script processed the flat file, skipped any records where proxy was already disabled, and then used to disable proxy and later re-enable it . The API documentation included a sample - I removed the request parts that I was not modifying - in addition to the DNS record id, I passed the DNS name and desired proxy state. I did not make the connection that all the optional request parameters are modifiable.

When I built the flat file, I accidentally missed selecting all of the input data. I noticed that my subdomain name was incorrect, manually corrected the problem, but in my rush to finish, did not notice that the subdomain was still missing a letter. The result was that I disabled the proxy status of but also accidentally renamed the subdomain. The correct subdomain was still resolving but to my server IP. Toggling the proxy status of the renamed subdomain via the dashboard was pointless. It was only after I made my original post that I copied the subdomain from the Cloudflare dashboard into a DIG command and noticed the typo (it had been a long day). Only passing the desired proxy status in the PATCH DNS Record request would have avoided the issue.

1 Like

This topic was automatically closed 15 days after the last reply. New replies are no longer allowed.