Hubspot based website, forbidden with cloudflare ?

New Contributor

My website is created and maintained through Hubspot.

However I'm receiving a:

403 Forbidden 

Cloudflare

 

when visiting my website: 

http://1797922g22.secure015.hubspot.net

 

Anyone here have any idea how to resolve or better yet whats causing it?

 

According to CloudFlare the cause of the problem lies with Hubspot:

https://support.cloudflare.com/hc/en-us/articles/115003014512-4xx-Client-Error#code_403 

 
Reply
0 Upvotes
10 Replies 10
Highlighted
Regular Advisor | Silver Partner

Hi @KeyTalk 

 

We use (and love) Cloudflare with HubSpot CMS.

 

Let me know if you want to meet online to have a look?

Mike

Reply
0 Upvotes
New Contributor

Hi @Mike_Eastwood 

 

What should I do to troubleshoot? Any pointers are welcome

Reply
0 Upvotes
Regular Advisor | Silver Partner

@KeyTalk  Are you using CNAMEs to point to HubSpot or A Records?

Reply
0 Upvotes
New Contributor

@Mike_Eastwood  yes we are.

 

WWW points as a CNAME with TTL 5 minutes  to 1797922g22.secure015.hubspot.net. 

Reply
0 Upvotes
Regular Advisor | Silver Partner

In Cloudflare does "Proxy status" say "DNS Only"?

 

You want to go straight through Cloudflare (as far as I know you do NOT want their caching).

 

Mike

Reply
0 Upvotes
Regular Advisor | Silver Partner

@KeyTalk also, HubSpot CMS used to* only work with "www" not the root domain.

 

Are you using www.yourdomain.com or yourdomain.com?

 

*I think they'd fixed the root domain (non-www). 

Reply
0 Upvotes
New Contributor

@Mike_Eastwood  we're using WWW only Smiley Happy

Regular Advisor | Silver Partner

@KeyTalk are there any errors showing in HubSpot?

 

Settings (cog top right) > Domains & URLs > Domains Tab

 

 

Reply
0 Upvotes
New Contributor

@Mike_Eastwood  

All domains show GREEN and connected

Reply
0 Upvotes
New Contributor

@Mike_Eastwood 

 

Hi Mike, again your help was much appreciated, espcially the ZOOM call made us go through several potential issues rather quickly.

 

Im at developer level support now with Hubspot, as first line didnt understand it either.

 

The issue is apparently caused by a malformed CAA record, which didnt get caught initially but was caught later on.

 

Due to the malformed CAA record  [0 issue "digicert.com'" which get interpreted as 0 issue "digicert.com\\226\\128\\153"] the cert did not get renewed on time by Hubspot. 

 

And because the site enforces trusted HTTPS and the cert invalidated due to expiry, the answer of the website is: 403 forbidden

 

 

Ie solution was:

Update the CAA record to proper format, let the SSL certificate renew.

 

Now awaiting to see if this indeed solved the problem