SSL Error after testing Cloudflare


#1

My website was running fine on HTTPS with LE-cert for weeks. Yesterday I tested Cloudflare and added their NS server at my domain hoster. Today I stopped using Cloudflare and deleted my website in my CF account and resetted the NS Servers to my old nameservers provided by my domain hoster. So far so good. Now I get this error when trying to access my website: SSL_ERROR_INTERNAL_ERROR_ALERT

I renewed the cert, but that didn’t help. Any idea?


#2

That sounds as if you are still going to the CF IP address and they have deleted the SSL cert for your domain. Tricky to tell without your domain name though.


#3

DNS propagation can take a lot of time, especially changing NS records. Are you sure your domain is resolving back to your old server, or is it still resolving to CloudFlare?


#4

@pfg: Whois.net shows the name servers of my domain hoster again. Yes.
@serverco: I don’t want to make my url public. How can I check this?


#5

DNS propagation is more than just where Whois.net shows your nameservers to be.

You’re computer converts the domain name to an IP address at your nameservers ( probably your ISP ).

What Operating system is your computer on ? normally I’d say the command “host domain.com” will tell you - but depends on your OS.


#6

@serverco: I am on Windows. My server runs Debian.


#7

You can just ping example.com and see which IP it resolves to (CloudFlare or your server IP).

Note that some browsers keep their own DNS cache, so even if this shows your IP address, I’d recommend clearing your browser cache and/or restarting the browser before trying again.

Note: Your certificates are published to public Certificate Transparency log servers, meaning your domain is already public.


#8

Ah, I see. Yes. It pings the wrong IP. So I only have to wait?


#9

Yes. You can try flushing your DNS cache (I think it’s ipconfig /flushdns on Windows), but that’s only for your local cache - it’s likely one of your upstream DNS servers has the records cached too, so waiting it is.


#10

I flushed it. It’s still pinging the wrong IP.

EDIT: After changing my DNS server, I can access the website again. Seems to be cached on my ISP’s DNS. Thanks!