Cloudflare offers a free DNS management, Content Delivery Network (CDN) and SSL service which can be used with GridPane sites.

This can help protect your site from DDoS (Distributed Denial of Service) attacks, speed up the delivery of your sites globally and protect your users, but it can interfere with the provisioning of GridPane site SSL certificates on the server if configured incorrectly.

In this article we will run through the process step by step so that you can avoid these pitfalls and enjoy the benefits of the Cloudflare service alongside the power of GridPane.

So here we can see we have a GridPane site an-example.website: 

GridPane automatically checks for the required DNS record resolution for any sites, as we can see in the above image the DNS icon is RED, this means that we do not have DNS records resolving for this site.

  

Step 1. Add your Domain to Cloudflare

We are going to be using Cloudflare for DNS management, so the first thing to do, if you haven't already is add your domain to Cloudflare. Cloudflare has detailed tutorials on their website for this here.

You will need to add records for your primary domain, www records, and records for your staging and canary domains if you are using GridPane staging sites and UpdateSafely™.

At this stage you must make sure you are using DNS only and the Cloudflare icon is greyed out as in the screenshot above.

This is because if you route your traffic through their CDN now, your server IP will be masked by a Cloudflare IP address and you will not be able to enable a GridPane SSL
certificate.

  

Step 2. Update your Domain Nameservers

Cloudflare will provide you with the Nameserver records for your domain, you will need to update your nameservers at your Domain registrar.

Each Domain Registrar has a unique control panel, though they all share similarities, as such it is impossible to give instructions for each one, however the links below might help.

Links to articles for some of the most popular domain registrars:

For an-example.website I am using Namecheap domain registrar, in their control panel I update my Nameservers like so:

  

Step 3. Turn Cloudflare SSL Off

When you add a domain to Cloudflare to use their DNS management they very kindly turn an SSL on for you.

Turn this off, it will only cause problems for now.

  

Step 4. Wait for DNS Resolution

At this point many users will attempt to enable an SSL at GridPane, but if the records aren't resolved yet then the SSL certificate will not be issued.

We have build several layers of failsafe checking into the GridPane SSL process, it now stringently tests your DNS resolution prior to any attempts to get a Let's Encrypt SSL certificate.

This means that no matter how many times you try to issue an SSL you will not be able to hit the Let's Encrypt weekly quota, but it also means you need to wait patiently until your DNS records propagate enough for the tests to pass.

There are many sites online where you can test your DNS resolution such as:

Or you can use command line tools such as dig  or nslookup.

In the following screenshot I have used whatsmydns.net

We can see that the DNS records have not fully propagated throughout the whatsmydns.net network, but as a rule of thumb I find that when 2/3 of the record checks pass it is usually possible to enable an SSL certificate.

  

Step 5. Enable GridPane Let's Encrypt SSL certificate

With the above tests showing 2/3 passes I checked with my site in the GridPane active sites panel. We can see that the DNS symbol has turned green which means the GridPane app DNS resolution checks have passed.

This is also a good indicator that the SSL certificate checks will pass.

Open the site customizer by clicking the url in the Active sites list:

And use the SSL toggle to enable an SSL certificate.

  

Step 6. Enable Cloudflare CDN

Now we have an GridPane SSL certificate issued for your site, we can return to Cloudflare and enable their CDN in the Cloudflare DNS section.

Just click on the Cloud icon for the records that you wish to use the CDN for. 

Within a few minutes, if you recheck your domain DNS records resolution you will see that your server IP has been masked. 

Your domain is now routing through a Cloudflare public IP address and is afforded some additional DDoS attack prevention.
  

Step 7. Re-Enable Cloudflare SSL

Now we can re-enable the Cloudflare SSL we disabled earlier.

  

Step 8. Check your secured GridPane site

If you visit your site now, you will see it is fully secured with an SSl and being served by the HTTPS protocol. If you use the site inspector tool to check your response headers you will see that it is being served by Cloudflare.

 
===========================================================================
Error Codes

511    511.1    511.2   511.3   511.4

Did this answer your question?