Cloudflare Developers•3y ago

i've enabled certificate transparency alerts, but why so frequent deploys?

mystiquewolfOP•7/13/23, 7:15 PM

The SSL certificate is 3 months valid

mystiquewolfOP•7/13/23, 7:16 PM

one has 3 months validity, other (backup) 1 year

mystiquewolfOP•7/13/23, 7:16 PM

no need to rotate every 2 days or every week...

mystiquewolfOP•7/13/23, 7:16 PM

maybe it's something different feature or else a bug

Mmystiquewolf i've enabled certificate transparency alerts, but why so frequent deploys?

Chaika•7/13/23, 7:19 PM

Those aren't cert transparency emails, you enabled notifications for Universal ssl alerts or custom hostname ssl alerts

Chaika•7/13/23, 7:20 PM

The cert transparency emails are way less spammy and include no details about your zone/cert ids (because they're generic and watch certs from every issuer)

CChaika Those aren't cert transparency emails, you enabled notifications for Universal s...

mystiquewolfOP•7/13/23, 7:23 PM

Thanks very much I'll disable ASAP

fleabeard•7/13/23, 8:15 PM

Hey folks, I'm trying to get an http website up and running before I do the needful to get https working. However, when I try to visit the site via the http:// address it's auto-directing me to the https:// which isn't setup yet with an Error code 521. Any ideas?

MattIPv4•7/13/23, 8:16 PM

Do you have always use https enabled?

MattIPv4•7/13/23, 8:17 PM

Is your domain in the hsts preload list?

MattIPv4•7/13/23, 8:17 PM

Is your origin returing the redirect?

MattIPv4•7/13/23, 8:19 PM

That being said, if this is being proxied through Cloudflare, what's happening between you and Cloudflare (http vs https) shouldn't change how Cloudflare is connecting to your origin. If your origin isn't configured to support TLS, have you set the correct SSL mode for the zone (flexible)?

fleabeard•7/13/23, 8:20 PM

Ah, changing it to flexible allowed the page to load lol. Thanks!

Mmystiquewolf like i wonder is empty CAA valid or would cause trouble `0 issue " "`

mystiquewolfOP•7/13/23, 8:27 PM

should not cause trouble. Nice trick Leo, thanks
Out of the DNS CAA RFC:

CAA authorizations are additive; thus, the result of specifying both an empty issuer-domain-name and a non-empty issuer-domain-name is the same as specifying just the non-empty issuer-domain-name.

CAA authorizations are additive; thus, the result of specifying both an empty issuer-domain-name and a non-empty issuer-domain-name is the same as specifying just the non-empty issuer-domain-name.

F0rce•7/13/23, 8:43 PM

Hello everyone, I want to build something with workers and I am not sure if it works out, thats why im asking POGGIES

Basically I have some workers and I want to add some oberservability to it. I would like to use Service Bindings for that. Now here's the question I have. I have the following in mind.

Request is made to Worker One (availible online). It does it normal job does some additional "pre-parsing" for the logger (saving some request headers / response headers).
The request where the original reqeust is made to does a subrequest (through a Service Binding) to the logger worker. Due to limitation of our log provider (axiom) I would not be able to ingest every request when it happens.

How would I have to build the logger service, that it throttles the requests made ? or is there a better solution to what I'm thinking. I'm open for all sorts of "help".

Thanks blob_wave

JJada https://p1.zrps.cloud/ my cloudflare site is stuck in a 301 permanent redirect t...

Cyb3r-Jak3•7/14/23, 12:07 AM

Check your SSL mode. My guess is that it is flexible and you should have it be Full strict

Cyb3r-Jak3•7/14/23, 12:09 AM

Works for me

Chaika•7/14/23, 12:11 AM

It's two deep. The free Universal cert you get is just simple wildcard for the first level. You could change that to mason-p1.zrps.cloud for example and it would be covered by it, or buy Advanced Certificate Manager (ACM) for $10 USD/month and get an adv. cert that covers it

BenitzCoding•7/14/23, 6:51 AM

Can someone help me in #Cloudflare Websites are loading forever!!! ITS SOOO ANNOYING!!!

BenitzCoding•7/14/23, 6:51 AM

b-bear•7/14/23, 10:13 PM

Is there any need to disable and reenable DNSSEC I transferred my domain from Google to Cloudflare. I forgot to disable it and it says DNSSEC will be automatically enabled within 24 hr. It’s been two weeks it still has the message, but under it says enabled. And when I look on DNSViz it says it is secure.

Karew•7/15/23, 4:49 AM

Is there a reason that Tiered Cache isn't just on all the time? Especially now that it's totally free

Unsmart•7/15/23, 4:57 AM

Because caching at every data center instead can be faster if you have enough traffic

i've enabled certificate transparency alerts, but why so frequent deploys?

Similar Threads

Similar Threads

Similar Threads