Using an .af TLD with Blot (via Cloudflare)

Published July 13, 2018

I recently found Blot and made the jump. I spent time reading the docs and creating a theme for my blog. David has been very helpful answering questions I’ve encountered through the process.

One such issue I encountered was getting my domain, paul.af, set up with Blot. This is a general overview of that issue.

Using Cloudflare

Blot’s docs on using a custom domain specify using an ALIAS DNS record for an apex (e.g. paul.af vs www.paul.af) domain. An ALIAS record specifically is only available via DNSimple — a paid service. However, Cloudflare supports CNAME flattening, which will also work. Having used Cloudflare previously (on their generous free tier), I opted for that route.

After updating the nameservers to point to Cloudflare & adding the domain in Blot it was time to play the game of How Fast Can DNS Propagate™. However, when trying to reach my site I was getting a cryptic SSL error:

[Image: Cryptic SSL error]

I also noticed that within Cloudflare my Universal SSL Status was marked as Ineligible for SSL, which was odd. On a whim, I updated the DNS records as “DNS only”, as opposed to the default DNS & CDN (routes traffic through Cloudflare).

Oddly enough, this worked. But why?

The Culprit

I put in a support ticket with Cloudflare to get to the bottom of this issue. Several days later, I got a response:

Universal SSL does not currently support issuing for the .af ccTLD.

This is due to a restriction from Comodo: https://support.comodo.com/index.php?/Knowledgebase/Article/View/989/0/banned-country-list

Ideally I would’ve liked to see this issue presented more clearly in Cloudflare’s dashboard UI — as opposed to making a support request to get to the bottom.

tl;dr If using an .af TLD on Cloudflare you’ll probably want to set your DNS records as DNS-only (i.e. the grey cloud in the UI).

Last modified January 27, 2021  #dev   #blot   #dns 

