Unable to activate Proxied DNS

What is the name of the domain?

nextcloud.hello-there.uk

What is the error number?

9003

What is the error message?

Target xxx.xxx.x.x is not allowed for a proxied record. (Code: 9003)

What is the issue you’re encountering?

Every time I try to activate Proxied DNS I get an error: Target xxx.xxx.x.x is not allowed for a proxied record. (Code: 9003). I need it to be proxied because the SSL certificate is not valid at the moment. The target is an Ubuntu server (24.04 LTS (GNU/Linux 6.8.0-1005-raspi aarch64)).

What feature, service or problem is this related to?

DNS records

You are using the wrong IP address for your A record, and that’s why it can’t be proxied.

dig +short nextcloud.hello-there.uk
192.168.1.16

192.168.x.x is a private IP range that only works from within your network. You will need to find your public IP address and also probably need to set up port forwarding.

You need to fix that first before you proxy the record.
You can use a free Cloudflare Origin Certificate that only works for proxied records, but you still need to install it on your server.

Make sure you are using the Full (strict) SSL setting in Cloudflare.

2 Likes

Thank you!
Sorry for the ignorance but I’m new to this kind of thing ahahahha
Anyway, I solved the issue, but now when I try to access the site I get a 522 error… I checked my firewall (ufw) and everything needed is open:

Status: active

To                         Action      From
--                         ------      ----
22/tcp                     ALLOW       Anywhere
80/tcp                     ALLOW       Anywhere
443                        ALLOW       Anywhere
22/tcp (v6)                ALLOW       Anywhere (v6)
80/tcp (v6)                ALLOW       Anywhere (v6)
443 (v6)                   ALLOW       Anywhere (v6)

The public IP address should be correct:

root@Alastor:/etc/apache2/sites-available# curl https://ipinfo.io/ip
93.150.241.127

I’m pretty sure the port forwarding is also settled since I contacted my ISP and they’ve done it for me.
The certificate is already installed on my site, here is the configuration of my Apache Virtual Host:

<VirtualHost *:80>
        ServerName nextcloud.hello-there.uk
        # Trailing slash on the target so /path redirects to https://.../path
        Redirect permanent / https://nextcloud.hello-there.uk/
</VirtualHost>


<VirtualHost *:443>
        SSLEngine on
        SSLCertificateFile      /home/jake/hello-there.uk.pem
        SSLCertificateKeyFile   /home/jake/hello-there.uk.key

        Protocols h2 h2c http/1.1
        ServerName nextcloud.hello-there.uk
        DocumentRoot /var/www/nextcloud.hello-there.uk/public_html
        ServerAlias www.nextcloud.hello-there.uk

        <IfModule mod_headers.c>
          Header always set Strict-Transport-Security "max-age=15552000; includeSubDomains"
        </IfModule>

        <FilesMatch \.php$>
          SetHandler "proxy:unix:/var/run/php/php8.2-fpm.sock|fcgi://localhost"
        </FilesMatch>

        <Directory /var/www/nextcloud.hello-there.uk/public_html>
                Satisfy Any
                Require all granted
                Options FollowSymlinks MultiViews
                AllowOverride All
                <IfModule mod_dav.c>
                        Dav off
                </IfModule>
        </Directory>

        ErrorLog /var/log/apache2/nextcloud-error.log
        CustomLog /var/log/apache2/nextcloud-access.log common
</VirtualHost>

# intermediate configuration
SSLProtocol             all -SSLv3 -TLSv1 -TLSv1.1
SSLCipherSuite          ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384:DHE-RSA-CHACHA20-POLY1305
SSLHonorCipherOrder     off
SSLSessionTickets       off

SSLUseStapling On
SSLStaplingCache "shmcb:logs/ssl_stapling(32768)"

I doubt that very much. Check in your router that you have set up forwarding so that port 443 TCP is forwarded to the computer your server is running on.

Right now, nothing is responding on your IP address:

curl -svo /dev/null http://nextcloud.hello-there.uk --connect-to ::93.150.241.127
* Connecting to hostname: 93.150.241.127
*   Trying 93.150.241.127:80...
^C

I’d recommend you keep the DNS record to DNS-Only until you can get a connection to your server.

Many ISPs completely block port 80/443 or incoming https traffic in general, and you can check that after you have confirmed that port forwarding is set up in your router.

2 Likes
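
The two checks from this thread (is the A record target a public address, and does the origin answer on 80 and 443) as one shell script. This is an added example, not code from the thread or from Cloudflare; the function names `classify_ipv4` and `preflight` are made up here, and the classifier goes beyond the thread's 192.168.x.x case to other IPv4 ranges that are not reachable from the internet (10/8, 172.16/12, loopback, link-local, and the 100.64/10 carrier-grade NAT range).

```shell
#!/bin/sh
# classify_ipv4 ADDR: print the address class; return 0 only for a publicly routable address.
classify_ipv4() {
    case $1 in
        ''|*[!0-9.]*|.*|*.|*..*) echo invalid; return 2 ;;
    esac
    oldifs=$IFS; IFS=.; set -- $1; IFS=$oldifs      # split into octets
    if [ $# -ne 4 ]; then echo invalid; return 2; fi
    for o in "$@"; do
        case $o in 0?*|????*) echo invalid; return 2 ;; esac   # leading zero or too long
        if [ "$o" -gt 255 ]; then echo invalid; return 2; fi
    done
    case $1.$2 in
        10.*|192.168|172.1[6-9]|172.2[0-9]|172.3[01]) echo private ;;   # RFC 1918
        127.*)   echo loopback ;;
        169.254) echo link-local ;;
        100.6[4-9]|100.[7-9][0-9]|100.1[01][0-9]|100.12[0-7]) echo cgnat ;;  # RFC 6598
        0.*)     echo reserved ;;
        *)       echo public; return 0 ;;
    esac
    return 1
}

# preflight NAME: resolve NAME, classify the target, then try the origin on 80 and 443.
# Run it while the record is DNS-only (a proxied record resolves to Cloudflare addresses)
# and from outside the LAN: many routers do not loop back to their own WAN address.
preflight() {
    ip=$(dig +short A "$1" | grep -E '^[0-9.]+$' | head -n 1)
    kind=$(classify_ipv4 "$ip") || {
        echo "$1 -> ${ip:-no A record} ($kind): not reachable from the internet, fix the A record first"
        return 1
    }
    echo "$1 -> $ip ($kind)"
    rc=0
    for target in http:80 https:443; do
        scheme=${target%%:*}; port=${target##*:}
        # -k: only connectivity is tested; a Cloudflare Origin Certificate is not publicly trusted
        if curl -sk -o /dev/null --connect-timeout 5 --resolve "$1:$port:$ip" "$scheme://$1/"; then
            echo "  $port/tcp: origin answered"
        else
            echo "  $port/tcp: no answer (curl exit $?), check port forwarding and ISP filtering"
            rc=1
        fi
    done
    return $rc
}

if [ $# -gt 0 ]; then preflight "$1"; fi
```

A curl exit code of 28 is a connect timeout, which is what the hanging `Trying 93.150.241.127:80...` above looks like when it is given a time limit; 7 means the connection was refused.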