Troubleshooting Chrome (and now Firefox) blocks an otherwise-valid cert with NET::ERR_CERTIFICATE_TRANSPARENCY_REQUIRED. The cert was never logged to CT, or its SCTs are missing, stale, or stripped. Here is how to confirm it and fix it at the source.
Troubleshooting The orange/grey cloud in Cloudflare DNS decides whether traffic hits the edge or your origin. The wrong state breaks SSL issuance, WebSockets, or origin masking. Here's how to pick the right one.
Troubleshooting You turned on DNSSEC and validating resolvers now return SERVFAIL. Read the EDE code, regenerate the DS from the live DNSKEY, replace it at the registrar, or pull the DS to roll back. Verified June 2026.
Troubleshooting You preloaded your domain, then needed HTTP back. Browsers still force HTTPS. Here's the fastest real fix, the exact removal steps, and the honest timeline.
Troubleshooting IPv4 users reach the site fine but IPv6 users get timeouts. Either AAAA is absent, points to a dead address, or your firewall blocks v6. Fix dual-stack.
Troubleshooting Delegated a subdomain to nameservers inside itself and resolution fails? The parent zone needs glue A/AAAA. Here is the dig diagnosis and the exact registrar fix.
Troubleshooting Certbot renewal stopped months ago and you only noticed when the browser flashed NET::ERR_CERT_DATE_INVALID. Diagnose the real cause and restore HTTPS in under an hour.
Troubleshooting Beginners confuse name servers (NS) and individual DNS records (A, CNAME). Changing one without understanding the other causes hours of debugging.
Troubleshooting Your site is on HTTPS but the browser shows "Not fully secure." Diagnose which of 6 mixed-content cases you have and fix it for good — with current 2026 Chrome behavior.
Troubleshooting Changed an A record but old caches won't expire? The TTL set BEFORE the change controls propagation. Diagnose your case and fix it the right way.
Troubleshooting After a DNS change your MX disappeared and mail stopped arriving. Diagnose the exact case and restore the correct records for Google Workspace, Microsoft 365, Zoho, Fastmail, or Proton.
Troubleshooting Your apex domain works but blog.example.com gives NXDOMAIN or an SSL error. The fix is almost always a missing DNS row or a domain you forgot to attach at the host. Diagnose it in five buckets.