✅ Blogger and Cloudflare

I have been told by many forums that what I have actually done cannot be done, but here you are on the Blog with it being done, talk about a red flag 🚩 to a bull 🐂 - remember, you can fail many times but you only need to be successful once.

You will see lots of posts about this on the Cloudflare forums, You also get the same on the official blogger forum, Please remember with forums it’s not official staff trying to fix the problem. It’s what other people have done that may or may not have worked.

You will find lots of advice on how to fix this particular problem, but no one put it together, You have to take a voice from all over the Internet and collate it into one article, that for me, is this article.

Obviously you first need to be aware that you have two individual CDN platforms operating, You have the one from Cloudflare and one from Google, So somewhere along the line, something is conflicting.

I went through a vast errors, including SSL communication errors, you are being redirected, too many times error, Cloudflare SSL handshake error with code 525 problem.

1) Getting correct Record in Cloudflare

The records you need to make sure are added are those Blogger generated for you while setting up your custom domain. 

They included two CNAMEs and optionally the 4 A Records needed to redirect your naked domain to the WWW version:

• CNAME: www (or subdomain) pointing to ghs.google.com
• CNAME: unique record pointing to x.googlehosted.com
• A Record: 216.239.32.21
• A Record: 216.239.34.21
• A Record: 216.239.36.21
• A Record: 216.239.38.21

2) Records and proxied or not?

This is another interesting point to bring up here, if you have proxied record, which seems to be referred to as the orange cloud icon, then that means it’s protected by Cloudflare security, however, if you have a grey cloud, which is not protected by Cloudflare security then this will be referred to as a DNS only record.

In a previous article about moving my domain registrar I spoke about making sure the records were grey clouds therefore DNS only, However, what is the point of a secure service you can’t use because you have told records to be DNS only, this is the process of making the record DNS only:

Therefore, I can tell you that that advice is incorrect, all your records need to be proxied, which is the orange cloud icon to ensure maximum protection, the only CNAME Record that does not need to be protected and can be DNS only is the CNAME for the certificate security - this is the only normal DNS record required. All the other records should be proxied with the orange cloud icon.

3) Security CNAME record

I originally was with Google domains before they sold their soul to the devil and moved it to Squarespace - This means that magical one time security CNAME record is unknown to myself, it was not in the DNS BIND Export so I would imagine because I was with Google domains it just worked

That’s fantastic, but I’m no longer with Google domains, so it will no longer work when the certificate comes round for renewal, So I need to get this record once again.

Just to be transparent here, There is lots of talk on the Internet about using the webmaster toolset, All the newly named Google search console, However, this record did give me a TXT name but not the CNAME I am after?

So for this particular record you are only left with one choice as it cannot be recovered manually:

3a. Remove Custom Domain First

• Go to Blogger and select the blog you are having this issue of deletion of CNAME records for Blogger.
• 
  
• Go to the setting of the Blog whose CNAME records have been deleted mistakenly.
• 
  
• In this method, you must remove that custom domain first. The remove custom domain option can be found under the publishing option of the settings, this is how it should look:
  
  

3a. Add New Admin

• Create a new Account on Google or your family members or your other existing account.
• 
  Then after the removal of the custom domain, scroll below to the Permission section and click under invite more authors.
• 
  
• A popup will appear requiring an email address. Provide the email address of the invited account and click on send.
  
  
  
  
  
• Check the email address and accept the invitation for the same from the invited author’s account, you will need to accept this with a Google account that is not the current Admin for Blogger.
• 
  
• After the invitation is accepted successfully, again go to the settings of Blogger from the main account.
• 
  
• Under Permission, click on Blog admins and authors.
  
  
  
  
  Change the status of the invited account to Admin from the author and save it.

3c. Add Custom Domain From New Owners 

Before heading to the next step, make sure you removed the custom domain from the blogger

• Go to the invited account and click on a custom domain which is located under the publishing section of settings.
• 
  
• Add the domain which has stopped working on the field of the domain(must include www)
  
  
  
  
  Now, add the new CNAME records provided by Blogger to Cloudflare DNS as for now an DNS Only record (grey cloud)
• 
  3d, Enable HTTPS on Blogger
  
  You then need to enable HTTPS to ensure you get a certificate generated using the CNAME record above, and after a while this will say Available for HTTPS:
  
  
  
  
  
  3d. Disable HTTPS redirect in Blogger

This is critical if using Cloudflare, if you do not make this change then Cloudflare then you will get redirection errors, the usual error is "multiple direction error":

4. Cloudflare SSL mode update 

This is the final step you need to make in Cloudflare, for that you will need to navigate to SSL/TLS and then choose the overview option.

This by default will be set to Full, If you read the description for the setting, it’s currently on, It’s encrypt in the browsers connection to cloud flare and the cloud flare connection to blogger - Unfortunately, Cloudflare is unable to control the certificate because it’s managed by blogger.

This is the reason why you get the handshake failure, So, to fix that particular problem, you need to change the mode to Flexible as below:

Yes, this only protects the connection from a browser to Cloudflare but that is all you need for Cloudflare to do its fantastic job of securing your website.

Done : Confirm everything is working ✅

This is a pretty simple check because it involves visiting your website and making sure it works, if you have followed this article correctly, you should now get your blog working absolutely fine through Cloudflare.