Using CDN

[yasky]

Hello, I don't know why its so difficult now to use cdn..  Have used cloudflare before but now after changing my Nameserver to cloudflare it shows error.. I changed my Nameserver to gcore cdn, it keep saying the site can't provide security ssl, I don't know may be its because gcore cdn uses letsencrypt too.. I prefer gcore

[msbsurfi]

It may take up to 48 hours in order to get everything ok. 

Thanks.

[wolstech]

Cloudflare is supported and should work just fine. What is it doing when you try using CF?

As for gcore, I've never even heard of that, and there's no official support for it here.

[yasky]

6 hours ago, wolstech said:

Cloudflare is supported and should work just fine. What is it doing when you try using CF?

As for gcore, I've never even heard of that, and there's no official support for it 

Browser and CF working fine, Host = Error…. May be I need to wait 24hrs for it to work fine

[yasky]

Fixed… I changed the random ip from the DNA setting to 65.19.141.77… working perfectl

[wolstech]

We also just bulk-unblocked the France CF data center (it was blocked in the firewall automatically due to bots sweeping sites for WP installs to hack) That was probably the actual issue.

Edited February 24, 2023 by wolstech
Details

[yasky]

I tried to use another CDN apart from CF, the cdn site also use letsencrypt as their ssl but unfortunately for me am unable to use their ssl.. Getting error, now I have deleted letsencrypt from my end but still not working.. I was told to do this from their support 

 

Can't get Let's Encrypt certificate

Check whether the rules you created overlap the path "/.well-known/acme-challenge/<TOKEN>". This is the path for issuing a certificate, in many cases, such a rule (for example, with the path "/.*") does not allow issuing the certificate. Disable the rule, get the certificate, and enable the rule again.

 

I don't know how to do all that…  Pls help

Id: Ojplanet 

Server:  Tommy

[wolstech]

Did it give you a file to upload into that folder? There should be a text file you upload to a specific folder path on your domain to validate the domain for the certificate. Also, be aware that last I was aware, the validation files need to be accessible over plain HTTP, so may you need to remove SSL redirects. They can't get the certificate either because you didn't put the challenge file on the server correctly or because plain HTTP didn't work. Note you're probably going to have to do this manually every 90 days if you're using LE on an external service as opposed to just pointing your domain directly to us.

That stuff related to rules is related to features on their service, we can't provide any support for that since it's not ours.

If you're curious, the reason CF "just works" here because CF is its one of the few (only?) CDNs that is also its own CA with a widely trusted intermediate root certificate. CF doesn't need a service like LE for certificates because of that...CF can just issue itself a certificate and everyone will trust it. 

[Kairion]

Hi @ojplanet,

It is kind of impossible to help you without knowing what errors are being thrown.

Trying their instructions and then coming here without letting us know the entire history of your issue makes us unable to provide assistance.

Regarding that message you copy-pasted, it is talking about rules that you may have created at Gcore, meaning it has no relation to where you are hosting your website. We also have absolutely no way of knowing which rules you (may have) created at that CDN, as it would require access to your account's dashboard.

As far as I could check from the page that your copy-pasted message linked, it is necessary to create a rule with the system template "Let's Encrypt HTTP-01 challenge", as it will create a proxy from yourdomain.com/.well-known/acme-challenge/TOKEN to Gcore's generated token so you can get a Let's Encrypt certificate through them without your webserver (in your case, HelioHost) gets involved.

Unfortunately, as a non-Gcore services user, this is the furthest I could go with the information you gave us.

[wolstech]

And if he does create the rule to allow their certificate to issue, our server may not be able to get a certificate since it needs to be able to check the same path (all LE certificates look for verifications in that acme-challenge folder) which is now being redirected away from our server by the CDN.

Depends how specific the rule is I suppose.

[yasky]

Ok… I don't see any increase in speed using CF, change my Nameserver to heliohost now.. Thanks

[yasky]

After I mistakenly delete htacess, I can't use gtmetrix to analyze my site anymore… it showing forbidden error 403

[Kairion]

On 3/3/2023 at 3:42 PM, ojplanet said:

After I mistakenly delete htacess, I can't use gtmetrix to analyze my site anymore… it showing forbidden error 403

Could you please post that screen without it being mirrored and upside-down?

Please also post new, unrelated to this topic subject, questions/issues into a new topic(s), so we can keep our forums organized.

 

PS.: I moved the topic to the "Website Management and Coding" section as it was a question unrelated to HelioHost services but to Gcore services.