PanelAlpha Documentation
Back Home
Live Demo Get Started

Cloudflare

Documentation
    Introduction
Getting Started
    Installation Guide Update Guide SSL Configuration Translations
System Configuration
    General Configuration Plans Large WordPress Sites Hosting Servers DNS Servers Email Servers Remote Backups Notifications Automatic SSL Plugins & Themes Reseller Area Background Billing Diagnostic Mode Automatic Tester Snapshot Tool Server Migration
Admin Area
    Dashboard Instances Services Users Logs Migrations
Onboarding Methods
    Quick Onboarding Super Quick Onboarding Standard Onboarding
Hosting Servers
    Hosting Scenarios PanelAlpha Engine cPanel Plesk DirectAdmin WP Cloud
DNS Servers
    Cloudflare cPanel DNS Only PowerDNS
Email Servers
    Mailcow cPanel
Billing Systems Integrations
    PanelAlpha WordPress Hosting For WHMCS
Billing Scenarios
    Introduction Free Trial Period
Integrations
    Atarim AWStats Matomo Google Analytics Let's Encrypt Google PageSpeed Insights DB-IP Extendify WithoutDNS
Client Area - Instances
    List of Instances Creating New Instance Importing Existing Instance Instance Details Changing Domain Sharing Instances Monitoring Backups Plugins Advanced Settings
Client Area - Hosting
    Summary Domains FTP Accounts SFTP Accounts MySQL Databases Cron Jobs File Manager DNS Zone Editor Email Addresses Email Forwarders

# Cloudflare

  • Problem with creating DNS zones
  • Connection issues with Cloudflare
  • Server name in Cloudflare server configuration
  • DNS propagation is in progress
  • SSL order stuck on "Awaiting DNS Propagation" or skipped
  • Zones or records not created/cleaned up
  • DNS zone manually deleted on Cloudflare - how to reassign
  • Invalid mail TXT records
  • Accessing admin panel without exposing port 8443 using Cloudflare Tunnel

# Problem with creating DNS zones

Problem: Cloudflare DNS zones are not being created correctly due to DNS settings, with the error Resource not Found.

Solutions:

  1. Verify the API token settings to ensure proper permissions for Zone in the Cloudflare panel. Read more here (opens new window).
  2. Check notifications in admin area of PanelAlpha for more details.

# Connection issues with Cloudflare

Problem: Test connection fails with Cloudflare.
Solution: Check your API privileges and follow the instructions in the Cloudflare documentation.

# Server name in Cloudflare server configuration

Question: What should be entered for "Server Name" under DNS → Add Cloudflare server?
Answer: The server name is for internal use - choose any name to easily identify it.

# DNS propagation is in progress

Problem: In the client area you see messages like "DNS propagation is in progress" or verification keeps failing when using Cloudflare.

Why this happens with Cloudflare:

  • If your plan uses verification mode "Compare A record with hosting IP address", Cloudflare’s proxy (orange cloud) returns Cloudflare edge IPs, not your origin/hosting IP, so the A-record check fails.
  • If your plan uses "Compare NS records with DNS server's nameservers" but the domain is delegated to Cloudflare nameservers (or to a different provider than your selected DNS server), the NS check fails.
  • If your plan uses "Compare CNAME record with custom domain" but the allowed targets are not configured correctly, the CNAME check fails.

Solutions (align with Plans → DNS → Advanced DNS Configuration → Client Area → Domain DNS Verification):

  1. For proxied Cloudflare zones, prefer:
    • "Compare CNAME record with custom domain" and set Valid CNAME Addresses to your expected targets (e.g., your platform domain like example.com, onboarding domain like *.apps.example.com). Wildcards are supported (e.g., *.quicns.com).
    • Or select "Don't verify" to disable verification and hide propagation messages.
  2. Avoid "Compare A record with hosting IP address" for proxied domains. If you must use it, temporarily turn the proxy off (gray cloud) so the record resolves to the origin IP, complete verification, then re-enable the proxy.
  3. Use "Compare NS records..." only if the domain is expected to use the nameservers of your selected DNS server. If the domain stays on Cloudflare (or any third-party DNS), this check will not pass—switch to CNAME or Don't verify.

TIP: Ensure your plan's DNS settings match your actual DNS architecture. If PanelAlpha creates zones on an internal DNS but clients point domains to Cloudflare, NS verification will fail by design—use CNAME verification or disable verification.

# SSL order stuck on "Awaiting DNS Propagation" or skipped

Problem: Automatic SSL never finishes or shows as "Skipped" when using Cloudflare.
Solutions:

  1. Temporarily disable the proxy (gray cloud) for hostnames being validated so Let’s Encrypt can reach the origin IP.
  2. Set Cloudflare SSL/TLS mode to Full or Full (strict).
  3. Ensure the API token has DNS:Edit, Zone:Edit, Zone Settings:Edit, and Cache Purge:Purge scopes.
  4. If Cloudflare already serves a certificate and you see "Skipped," keep using the Cloudflare cert or gray-cloud to issue a PanelAlpha cert if required.

# Zones or records not created/cleaned up

Problem: New instances do not create Cloudflare zones/records, or deleted instances leave stale records.
Solutions:

  1. Confirm the plan has the Cloudflare DNS server assigned.
  2. In Admin → Configuration → Servers → DNS Servers → Zones, use Import Zone to resync.
  3. If Auto Delete DNS Zones was disabled, remove leftover zones/records directly in Cloudflare.
  4. For aliased root domains, ensure both the root and www are allowed; keep them unproxied during initial validation.

# DNS zone manually deleted on Cloudflare - how to reassign

Problem: A DNS zone was manually deleted directly on Cloudflare (outside of PanelAlpha), and now you want to create a new zone or the system shows the zone as existing when it doesn't.

Solution: Delete the orphaned zone record from PanelAlpha's Admin Area:

  1. Navigate to Admin Area → Services and find the affected service
  2. Click on the service to open its details page
  3. Go to the DNS Zones tab
  4. Locate the orphaned zone that was manually deleted from Cloudflare
  5. Click the delete icon (trash) next to the zone
  6. Check the confirmation checkbox and click Delete

After deletion:

  • The zone record will be removed from PanelAlpha's database
  • PanelAlpha will attempt to delete the zone from Cloudflare (which will gracefully fail if already deleted)
  • You can now manually create a new zone on Cloudflare and import it into PanelAlpha via Admin Area → Configuration → Servers → DNS Servers → select server → Synchronize → Import Zone

Tip: This approach also works when you need to recreate a zone with different settings or when troubleshooting zone synchronization issues between PanelAlpha and Cloudflare.

# Invalid mail TXT records

Problem: TXT mail records (SPF/DKIM/DMARC) show as invalid in Cloudflare.
Solution: Cloudflare requires TXT values to be quoted. Recreate the records with quoted values, then retry validation (e.g., for WP Cloud transactional mail).

# Accessing admin panel without exposing port 8443 using Cloudflare Tunnel

Problem: PanelAlpha admin panel requires port 8443, which may not be accessible or desired in certain network configurations.

Solution: Use Cloudflare Tunnel to map your admin panel URL to the required port without exposing port 8443 directly:

  1. Set up a Cloudflare Tunnel for your domain
  2. Map your admin panel subdomain (e.g., admin.domain.com) to your PanelAlpha server's port 8443 through the tunnel
  3. Configure your firewall to allow connections through Cloudflare

Benefits:

  • Admin panel remains secure and accessible without opening port 8443 to the public internet
  • Firewall protection through Cloudflare's security features
  • No impact on SSO or user login functionality
  • PanelAlpha validates only the domain suffix (e.g., *.domain.com), so the tunnel mapping works seamlessly

Note: This approach does not affect SSO authentication or client-area login procedures, as PanelAlpha only validates that the domain belongs to your configured domain.