Okay @manton, I have more server weirdness to pick your brain over.
After using Cloudflare to address the SSL for the moondeer.art domain that I point to the site served for me by FineArtAmerica, I dove into using Cloudflare with moondeer.blog.
This may or may not have been what resolved my Twitter card crawler issue (still kind of a blackbox for me). Regardless of that it is has been interesting seeing what all can be done between the DNS point and what Cloudflare calls the origin server.
Things mostly work great … but I started noticing recently (perhaps coinciding with the upcoming server update you mentioned, perhaps not) that occasionally a page doesn’t load … ultimately resulting in an SSL handshake failure between Cloudflare and the origin server. Thus far, the next attempt immediately succeeds. I wanted to share Cloudflare’s presentation of what is happening and see what you thought.
This is definitely because of the server upgrade that we’ve been slowly rolling out over the last couple of days. Can you temporarily disable the proxying in Cloudflare until we have it 100% solved? That should fix it so that Micro.blog’s new server can establish the HTTPS certificate for your domain name.
I asked around and it turns out this is a limitation that is outside our control. Cloudflare proxying will have to be off initially, and then as soon as everything is working on your site you can re-enable it.
Okay, is the rollout complete or should I wait a bit longer to resume Cloudflare?
Update: It will be interesting to see whether turning Cloudflare back on affects the card validator. Still too many variables for me to know what got the image fetched the other day.
Feels like I’ve been stable since resuming Cloudflare … but I should point out that I blindly copied all my DNS records over from GoDaddy so I’m not all that confident I know what I’m talking about.
You seem not to have had issues for weeks. So I’ve gone proxied too for https://wa.rner.me.
To be honest, the most crucial setting is SSL/TLS. I have to have Full/Strict for this domain for another service: