This repository documents the complete process of diagnosing, resolving, and stabilizing a production website affected by SSL certificate errors, email delivery issues, redirection problems, and conflicting configurations across multiple providers.
The infrastructure involved three different services:
- DonWeb (Ferozo) – Hosting provider and original DNS server
- Cloudflare – CDN, SSL termination and proxy
- PXsol – External SaaS platform (domain target:
secure.pxsol.com)
Role: Infrastructure / Web Operations
This repository documents a real-world infrastructure troubleshooting case involving DNS, SSL certificates, email delivery, and multi-provider configuration.
The project focused on diagnosing and resolving complex conflicts between:
- A hosting provider (DonWeb / Ferozo)
- A CDN and SSL provider (Cloudflare)
- An external SaaS platform (PXsol)
The goal was to restore secure access, correct redirections, and reliable email delivery, while ensuring long-term stability and proper DNS propagation.
This repository serves as a technical case study, demonstrating problem analysis, decision-making, and implementation across multiple systems rather than application-level development.
The domain abedulmardelaspampas.com.ar was experiencing the following issues:
- Emails bouncing when sent to Gmail accounts
- Browser warning:
NET::ERR_CERT_COMMON_NAME_INVALID - Invalid certificate (
*.ferozo.com) when accessing the site withoutwww - Inconsistent HTTP / HTTPS redirections
- Duplicate and conflicting DNS records
- SSL certificate valid only for the
wwwsubdomain, not for the root domain
- SPF, DKIM and DMARC records were incorrectly configured in Ferozo.
- Cloudflare was partially enabled and only issuing certificates for
www. - The root domain (
@) was pointing directly to the Ferozo server without proxying (DNS Only). - PXsol SaaS required only the
wwwsubdomain to be proxied (CNAME →secure.pxsol.com). - The root domain could not obtain a valid SSL certificate from the remote server.
- A 301 redirect from the root domain to
wwwwas required.
- Created SPF record
- Created DKIM record
- Created DMARC record
- Configured SPF, DKIM and DMARC records
- A record (@) set to Proxied
- CNAME record (www) set to Proxied, pointing to
secure.pxsol.com - SSL mode set to Full
- Redirect rules enabled:
Rule 1 — HTTPS → WWW
https://abedulmardelaspampas.com.ar/* → https://www.abedulmardelaspampas.com.ar/$1 (301)
Rule 2 — HTTP → HTTPS + WWW
http://abedulmardelaspampas.com.ar/* → https://www.abedulmardelaspampas.com.ar/$1 (301)
- Correct access with and without
www - Automatic redirection to the secure version
- Website served correctly from PXsol behind Cloudflare proxy
- Email delivery fully functional (SPF, DKIM, DMARC verified)
- DNS propagation completed successfully
The website is now fully functional across all scenarios:
- Incoming and outgoing emails working correctly
- HTTP traffic redirected to HTTPS
- Root domain redirected to
www - Valid HTTPS certificate provided by Cloudflare
- No browser security warnings
- PXsol hotel management platform operating correctly behind the proxy
- Ferozo configuration (SPF / DKIM / DMARC)
- Advanced DNS administration
- Cloudflare (SSL, Proxy, Rules, Redirects)
- SSL troubleshooting and resolution
- Multi-provider infrastructure analysis
- Technical coordination with hosting support
- Technical documentation and client communication
- SSL issues often originate from DNS and proxy misalignment, not from the certificate itself.
- Mixing proxied and non-proxied records can lead to inconsistent SSL behavior.
- Root domains and 'www' subdomains may require different handling depending on SaaS limitations.
- Proper 301 redirections are essential to avoid certificate mismatch errors.
- Email delivery problems are frequently caused by missing or incorrect SPF, DKIM, and DMARC records.
- Cloudflare SSL modes must match the capabilities of the origin server.
- Documenting infrastructure changes is critical for future maintenance and support.
- Multi-provider setups require a holistic view rather than isolated fixes.
- Clear technical communication with hosting support accelerates resolution.
This repository includes flow and architecture diagrams illustrating the before and after states of the DNS and SSL configuration.
Figure 1 — DNS flow
Figure 2 — Before vs after DNS & SSL architecture
Figure 3 — Problem, diagnosis and solution process
Figure 4 — 301 redirects configured in Cloudflare