If content from your site doesn’t load or loads in an inappropriate way after integration with CDN, use this guide to quickly fix common CDN issues.
Request any file that should be delivered via CDN from the source (your website) and ensure that you get an HTTP 200 response code.
For example:
The request will look as follows:
http://example.com/image.png
If the file opens correctly (HTTP 200 response code), the issue is not related to the website. In this case, check the CDN options according to the instructions below. If the file load fails (HTTP 4xx or 5xx response codes), the issue is related to the website origin, not to the CDN.
If the CNAME record of the personal domain isn’t configured or configured with mistakes, the content will be delivered from the source and not via CDN. To check the CNAME record and set it up correctly:
1. Go to the Resource settings and look at the Setup guide. If there is the x steps left label, click on it. If there is no label, go to the next section.
2. Click the Check DNS setup status button.
If the CNAME record doesn’t set up, this notification will appear:
If there is a notification, go to step 3. If there isn’t, go to the next troubleshooting section.
3. Open Gcore DNS Lookup enter the CNAME of your CDN resource from the notification (in the screenshot above, it is cdn.example.com), choose from which servers the domain should be checked and press Search.
Choose the CNAME tab at the bottom of the page. If the value from the Setup guide appears, it means that you have already configured the CNAME record with the correct value, but the DNS records didn’t update. Repeat step 2 again in 15 minutes. It must show that the record is configured.
If you see the “No records were found” label, add the CNAME record according to the "CNAME record configuration in DNS settings" guide.
4. Save the changes and wait for the records to update. Usually, it takes 15 minutes. But if you have recently changed the domain's NS servers, it may take up to 24 hours for the DNS records to be updated.
Try to request the content from the CDN once again. If it was a matter of personal domain settings, the issue won’t happen again.
If the Host header does not match the website source, your website won’t be able to process requests from the CDN, and the content won’t load. To check the Host header and set it up correctly:
1. Go to the Resource settings and find the Host header option.
2. Copy the value of the Host header.
3. Run the following command in the terminal or console:
where:
4. If you see the response code 2xx, the issue isn’t related to the Host header. Go to the next troubleshooting section.
If the response code is 4xx or 5xx, it means that the Host header wasn’t set properly. To fix it:
If you have chosen the inappropriate origin pull protocol (HTTP, HTTPS, or both), the CDN resource will request the content from your website with an error or a redirect. To check if the protocol was chosen properly and correct an error:
1. Find out which protocol your website uses. You can see the type of protocol at the left of the domain name in the browser address bar. If there is a padlock icon:
it means that your website works via HTTPS protocol. If you copy the domain name, it will be copied as follows: https://example.com
.
If you see the Not secure label:
it means that your website works via HTTP. If you copy the domain, it will be copied as follows: http://example.com
.
It is also possible that the content on the origin is available both via HTTP and HTTPS. To check it, open your website using the protocols http://example.com
and https://example.com
.
2. Go to the Resource settings and find the Origin pull protocol option. You will see what protocol is selected.
3. Compare the protocol from step 1 with the value in step 2. If they are the same (e.g., the website works via HTTP and in the Origin pull protocol option HTTP is set), the issue isn’t related to the protocol. Go to the next troubleshooting section.
If they are different, go to the next step.
4. Change the value in the Origin pull protocol option according to the "Origin. Specify origin and origin pull protocol guide. Select the type of protocol that your website uses. Save changes and then clear the CDN cache.
If you enabled the SSL option, but the SSL certificate for your personal domain (e.g., cdn.example.com) isn’t added or is added with an error, the content won’t be available via the CDN, or you will see a notification that the connection isn’t secure in the browser.
To check the SSL configuration and set it up correctly, go to the Resource settings and find the SSL option. Make sure that the Enable HTTPS option is enabled.
There are two types of SSL configuration: Get free Let’s Encrypt certificate and Add or select your own SSL certificate. In both cases, wait about 15–30 minutes after you issue/add the certificate for the updates to register.
The troubleshooting scenario depends on the chosen SSL certificate type.
1. Go back to the personal domain troubleshooting section and make sure that the CNAME record for the personal domain of your CDN resource exists. If not, add it. Otherwise, Let’s Encrypt won’t be able to issue a certificate. If so, go to the next step.
2. Go to the Resource settings and find the Rules section. If there are no rules, go to the next step.
3. Make sure that there are no rules denying requests to the personal domain (CNAME) of your CDN resource. Let’s Encrypt sends requests to your personal domain to issue a certificate. If requests are denied, the issue will fail. To determine whether the rule prevents requests, open every rule and look at the Rule pattern field. If you see the value
/*
or
((?!(jpeg|gif|png|pdf|jpg|css|js|woff|woff2|ttf)).)\*$
this rule denies requests to the personal domain. To fix the certificate issuing, delete the rule or change its pattern. The next time Let’s Encrypt sends a request, the issue will be successful.
1. Run the following command in the terminal or console:
where:
If you see the 2xx response code, go to the next step.
If you see the following error in the command output
curl: (77) schannel: next InitializeSecurityContext failed: SEC\_E\_UNTRUSTED\_ROOT (0x80090325)
it means that the certificate is self-signed. Self-signed certificates are not suitable for content delivery. In this case, issue a new certificate with the Certificate authority (CA) and add it according to the "How to add a personal SSL certificate in the SSL certificates section" guide. Then clear the CDN cache and try to request the content again.
2. Open your website and request any file that is delivered via the CDN. Click the padlock icon or the Not secure label and choose the certificate. View the following values:
If you see that the certificate is issued for the personal domain of your resource (if you see *.example.com, it means that you are using a wildcard certificate that provides all your subdomains, including cdn.example.com), and the certificate is not expired. Go to the next step.
If not, you need to renew the certificate (if the problem is caused by expiration) or issue a new one for the personal domain of your CDN resource.
3. Go to the SSLlabs website, enter the personal domain name in the Hostname field and press the Submit button as follows:
The check will take a few minutes. If you see no chain issues or the rating A+, the error isn’t related to SSL. Go to the next section.
If you see class B or chain issues as follows
the chain of the SSL certificate is incomplete or added in the wrong way. Go to the SSL certificates section in the Gcore Customer Portal. Delete the wrong certificate and add it again according to the "How to add a personal SSL certificate in the SSL certificates section" guide.
If the cache options were configured with mistakes, you will see a low percentage of cache traffic or content will be loaded slowly.
To check cache options and set them up correctly:
1. Go to the Dashboard section and click Total traffic.
2. Set the Cache hit ratio filter, the CDN resource, and the appropriate date. If you see less than 60% of Cache Hit Ratio traffic, it means that a small amount of content is delivered from the cache.
In this case, ensure that you ran the CDN resource more than two days ago. This time is needed to ‘warm up’ the cache. If not, wait two days. Also, you need to have many requests from end-users to cache the requested content. If you have a small number of requests, the cache will be purged in 36 hours, regardless of the settings. Try to increase the amount of traffic. If the problem isn’t solved, go to the next step.
If the percentage of cache traffic is higher than 60% and you don’t experience a slow load time, go to the next section.
3. Request any file that is delivered via CDN in the browser or console (terminal) and check the values of the Cache and Cache Control headers. If you see at least one of the following values, it means that there is a problem in the cache settings:
If you see the values, go to the next step. If not, go to step 5.
4. Go to the Resource settings and find the CDN caching option. Change the settings according to the "Configure and check CDN caching settings" guide.
5. Check the Set-Cookie and Query string options. If they are turned off, enable them. When you enable these options, CDN will cache a file with different cookies or query strings as a unique one.
There are two signs showing that there is an issue after cache clearing by the Purge option:
To check the Purge option and fix an error:
1. Wait 15 minutes after purging until the cache is cleared on all servers.
2. Run the following two commands in the terminal or console to request the same file from both the source and the CDN:
curl -I cdn.example.com/image.png
curl -H "Host: example.com" -I http(s)://10.0.0.1/image.png
where:
3. Compare outputs, paying attention to the values of the following headers:
If you see that the Etag and Content-Length values of the two files don’t match or that the date in the X-Cached-Since header is outdated, it means that there is a mistake. In this case, you should go to the next step.
If the values are the same and the date is relevant, purging has been performed correctly.
4. Try to repeat purging according to the "Clear CDN resource cache by URL, pattern or all" guide. Pay attention to the path pattern if you select Selective purge. We recommend checking whether the pattern was right by using the regular expressions service. To do this, enter the path pattern for purging on the top line, and in the bottom area, enter the URL of the file. If you see the result “no matches”, there was an error in the path pattern. Correct the path pattern and repeat purging.
If the problem persists after performing troubleshooting according to this guide, contact support via chat or email at support@gcore.com. You may have an atypical problem that requires assistance from technical specialists. We’ll be happy to help!
Was this article helpful?
Learn more about our next-gen CDN