src/content/docs/support/troubleshooting/http-status-codes/cloudflare-1xxx-errors/error-1016.mdx
20 additions & 1 deletion
@@ -16,7 +16,6 @@ Common causes for error `1016` are:
16
16
- A CNAME record in the Cloudflare DNS points to an unresolvable external domain.
17
17
- The origin hostnames (CNAMEs) in your Cloudflare [Load Balancer](/load-balancing/) default, region, and fallback pools are unresolvable. Use a fallback pool configured with an origin IP as a backup in case all other pools are unavailable.
18
18
- When creating a Spectrum app with a CNAME origin, you need first to create a CNAME on the Cloudflare DNS side that points to the origin. Please see [Spectrum CNAME origins](/spectrum/get-started/#create-a-spectrum-application-using-a-cname-record) for more details.
19
-
- There is no DNS record for the hostname in the Cloudflare for SaaS target zone.
20
19
- There is no DNS record for the hostname in the target [Partial (CNAME) setup zone](/dns/zone-setups/partial-setup/) of a Workers subrequest ([Fetch API](/workers/runtime-apis/fetch/)).
21
20
22
21
### Resolution
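Review bot: Removing the "Cloudflare for SaaS target zone" bullet (old line 19) leaves the general "Common causes" list with no mention of custom hostnames, and nothing in this list or in the "### Resolution" steps that follow links to the new "Error 1016 in the context of SSL for SaaS" section where the bullet now lives. A reader who stops at the first list will miss that cause. Consider keeping a one-line bullet here that points to the new section by anchor.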
@@ -26,3 +25,23 @@ To resolve error `1016`:
26
25
1. Verify your Cloudflare DNS settings include an A record that points to a valid IP address that resolves via a [DNS lookup tool](https://dnschecker.org/).
27
26
2. For a CNAME record pointing to a different domain, ensure that the target domain resolves via a [DNS lookup tool](https://dnschecker.org/).
28
27
3. For a Workers subrequest to a Partial (CNAME) setup zone, ensure that the hostname exists on the Cloudflare zone (and not only at the authoritative DNS).
28
+
29
+
## Error 1016 in the context of SSL for SaaS
30
+
31
+
Cloudflare returns a `1016` error when the [custom hostname](/cloudflare-for-platforms/cloudflare-for-saas/domain-support/create-custom-hostnames/) cannot be routed or proxied.
32
+
33
+
### Common cause
34
+
35
+
- Custom hostname ownership validation is not complete.
36
+
- Fallback origin is not [correctly set](/cloudflare-for-platforms/cloudflare-for-saas/start/getting-started/#1-create-fallback-origin).
37
+
- A wildcard custom hostname has been created, but the requested hostname is associated with a domain that exists in Cloudflare as a standalone zone.
38
+
- There is no DNS record for the hostname in the Cloudflare for SaaS target zone.
39
+
40
+
### Resolution
41
+
42
+
1. To check validation status, run an API call to [search for a certificate by hostname](/cloudflare-for-platforms/cloudflare-for-saas/start/common-api-calls/) and check the verification error field: `"verification_errors": ["custom hostname does not CNAME to this zone."]`. The error will be resolved once the status is `active`.
43
+
2. Confirm that you have created a DNS record for the [fallback origin](/cloudflare-for-platforms/cloudflare-for-saas/start/getting-started/) and also set the fallback origin.
44
+
3. The [hostname priority](/ssl/reference/certificate-and-hostname-priority/#hostname-priority) for the standalone zone will take precedence over the wildcard custom hostname. This behavior applies even if there is no DNS record for this standalone zone hostname. Use a specific hostname instead of a wildcard or [remove the standalone zone from Cloudflare](/fundamentals/manage-domains/remove-domain/).
45
+
4. Make sure that each hostname that needs to be served by the Cloudflare for SaaS parent zone has been added as an individual custom hostname and has the status `active`.
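Review bot: In resolution step 1, "The error will be resolved once the status is `active`" does not say which status field is meant; the step quotes `verification_errors` but never names the field that should read `active`, so name it explicitly. Two smaller points on the new headings: the file now contains two "### Resolution" headings, which will produce colliding anchors, so something like "### Resolution for custom hostnames" would be safer; and the section title says "SSL for SaaS" while the bullets and step 4 say "Cloudflare for SaaS", with "### Common cause" in the singular above a list of four. Pick one product name and use "Common causes" to match the first section.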