Using an .af TLD with Blot (via Cloudflare)
Published July 13, 2018
I recently found Blot and made the jump. I spent time reading the docs and creating a theme for my blog. David has been very helpful answering questions I’ve encountered through the process.
One such issue I encountered was getting my domain, paul.af, set up with Blot. This is a general overview of that issue.
Using Cloudflare
Blot’s docs on using a custom domain specify using an ALIAS DNS record for an apex (e.g. paul.af vs www.paul.af) domain. An ALIAS record specifically is only available via DNSimple — a paid service. However, Cloudflare supports CNAME flattening which will also work. Having used Cloudflare previously (on their generous free tier) I opted for that route.
After updating the nameservers to point to Cloudflare & adding the domain in Blot it was time to play the game of How Fast Can DNS Propagate™. However, when trying to reach my site I was getting a cryptic SSL error:
[Image: Cryptic SSL error]
I also noticed that within Cloudflare my Universal SSL Status was marked as Ineligible for SSL which was odd. On a whim, I updated the DNS records as “DNS only”, as opposed to the default DNS & CDN (routes traffic through Cloudflare).
Oddly enough, this worked. But why?
The Culprit
I put in a support ticket with Cloudflare to get to the bottom of this issue. Several days later, I got a response:
Universal SSL does not currently support issuing for the .af ccTLD.
This is due to a restriction from Comodo: https://support.comodo.com/index.php?/Knowledgebase/Article/View/989/0/banned-country-list
Ideally I would’ve liked to see this issue presented more clearly in Cloudflare’s dashboard UI — as opposed to making a support request to get to the bottom.
tl;dr If using an .af TLD on Cloudflare you’ll probably want to set your DNS records as DNS-only (i.e. the grey cloud in the UI).