SSL Handshake and Cloudflare

Okay @manton, I have more server weirdness to pick your brain over.

After using Cloudflare to address the SSL for the moondeer.art domain that I point to the site served for me by FineArtAmerica, I dove into using Cloudflare with moondeer.blog.

This may or may not have been what resolved my Twitter card crawler issue (still kind of a black box for me). Regardless of that, it has been interesting seeing what all can be done between the DNS point and what Cloudflare calls the origin server.

Things mostly work great … but I started noticing recently (perhaps coinciding with the upcoming server update you mentioned, perhaps not) that occasionally a page doesn’t load … ultimately resulting in an SSL handshake failure between Cloudflare and the origin server. Thus far, the next attempt immediately succeeds. I wanted to share Cloudflare’s presentation of what is happening and see what you thought.

The error code:

The conditions:

And what most interests me on account of the intermittent nature of the failure … checking logs for the SSL error:

This is definitely because of the server upgrade that we’ve been slowly rolling out over the last couple of days. Can you temporarily disable the proxying in Cloudflare until we have it 100% solved? That should fix it so that Micro.blog’s new server can establish the HTTPS certificate for your domain name.

Yuppers

I asked around and it turns out this is a limitation that is outside our control. Cloudflare proxying will have to be off initially, and then as soon as everything is working on your site you can re-enable it.

Okay, is the rollout complete or should I wait a bit longer to resume Cloudflare?

Update: It will be interesting to see whether turning Cloudflare back on affects the card validator. Still too many variables for me to know what got the image fetched the other day.

Just ran a test while paused:

That is interesting. The rollout is not complete… It will be finished tomorrow morning, and I’ll have a longer blog post about it.

Well, now I know what it is, I will just pause Cloudflare again if I have issues. I resumed after a while and so far so good.

The interesting bit is I just checked the validator again

Are we safe to set Cloudflare CNAME to Proxied?

Feels like I’ve been stable since resuming Cloudflare … but I should point out that I blindly copied all my DNS records over from GoDaddy so I’m not all that confident I know what I’m talking about.

Yeah, but did you set DNS to Proxied (using their new lil toggle they’re UX-testing)?

Nope … unless it was by accident

Update: or maybe so … I just blindly moved over the records GoDaddy had

You seem not to have had issues for weeks. So I’ve gone proxied too for https://wa.rner.me.
To be honest, the most crucial setting is SSL/TLS. I have to have Full/Strict for this domain for another service:


Yours is probably still set to Default which I believe is Flexible.
So we’ll see if it works for me.