subdomain issue with cloudflare

I'm still learning.
The ip addresses of www.subdomain.domain.com,
https://www.subdomain.domain.com,
and http://www.subdomain.domain.com are my hosting's.
The ip addresses of subdomain.domain.com,
and https://subdomain.domain.com are cloudflare's.
I want to make the ip addresses of those with www.subdomain.domain.com to be that of cloudflare's. Basically, those with 'www'.
My current cloudflare settings:
A domain.com content: hosting ip address
A subdomain content: hosting ip address
A www content: hosting ip address
Cname www.subdomain content: hosting ip address
I think the issue is with the CNAME.
Comments
Cloudflare issues its own SSL certificate to the site (domain) for which the proxy is set, and at this time it issues a wildcard certificate. This wildcard certificate causes exactly the problem you point out.
example.com
sub.example.com
www.sub.example.com
sub.sub.example.com
One workaround is to use "-" instead of ".":
www-sub.example.com
sub-sub.example.com
Note that this occurs in the Proxy range, so if you have DNS only selected for DNS, it will work fine.
https://www.cloudflare.com/learning/dns/dns-records/dns-cname-record/
Pay them for 3rd level domain or stay with subdomain
10$ per month for the possibility of deeper subdomains if you really need it
basically a wildcard certificate includes *.domain.com, what you're trying to reach (*.*.domain.com) is out of the wildcard range and needs extra cert.
Setting up cloudflare workers on a nested subdomain can cause a certificate to be made iirc. Maybe pages would work too
http://subdomain.domain.com works. Only www.subdomain.domain.com, http://www.subdomain.domain.com and https://www.subdomain.domain.com don't.
For www-sub.example.com and sub-sub.example.com, do I key them in as CNAME or A records?
I don't think using dash makes the domain valid
It should work fine. Of course, you can also remove the "." or "-" instead.
Please count the points.
Cloudflare provides a cert for a maximum of 2 points.
So
Domain.com (1 point -> ok)
Www.domain.com (2 points -> ok)
Sub.domain.com (2 points -> ok)
Www.sub.domain.com (3 points -> NOT ok)
You do not get a wildcard cert with pages. Only an exact matched cert.
how to get coverage for 3 points?
Do it yourself. -> let’s encrypt (with some Webserver of your choice)
You can get a wildcard or just directly request www.subdomain.domain.com
Or buy one from any provider offering such a wildcard.
*.subdomain.domain.com
Which costs money
*.*.domain.com is not a valid path for a certificate according to RFC 6125: only one wildcard, in the left-most position, is valid.
Just my 2 cents:
Don’t do www.subdomain.domain.com
It just doesn't get into my head why we need to have a www for every subdomain. It just makes the URL longer and modern browsers will omit it anyways.
If you use a wildcard cert then you don't need to worry about how many subdomains you have.
Yes. But only one wildcard is supported.
The asterisk only applies to one field in the name submitted to the CA
*.*.domain.com will not work
So for his usage he would need more wildcards or a multi-Domain wildcard certificate.
These are not cheap at all.
If that's the case then if I were you I would only use 1 subdomain level
( www.example.com = subdomain of example.com )
( subdomainofwhateveryouwant.example.com = still 1 subdomain level )
hopefully this helps!
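
The single-label wildcard rule discussed in this thread, as an added example that is not from any poster or from Cloudflare: a small matcher that checks which hostnames a certificate's name list covers. The SAN list (apex plus one wildcard level) and the function names are assumptions made for illustration.

```python
# Added example: certificate name matching with the single-label wildcard rule.
# CLOUDFLARE_STYLE_SANS is constructed sample data, not read from a real cert.
CLOUDFLARE_STYLE_SANS = ["domain.com", "*.domain.com"]


def name_covers(pattern: str, hostname: str) -> bool:
    """Return True if one certificate name (SAN entry) covers hostname."""
    p = pattern.lower().rstrip(".").split(".")
    h = hostname.lower().rstrip(".").split(".")
    # A wildcard stands for exactly one label, so label counts must match.
    if len(p) != len(h) or "" in h:
        return False
    if any("*" in label for label in p[1:]):
        # Wildcard anywhere but the left-most label, e.g. "*.*.domain.com".
        return False
    if p[0] == "*":
        # Conservative choice in this sketch: refuse "*.com"-style patterns.
        return len(p) >= 3 and p[1:] == h[1:]
    if "*" in p[0]:
        # Partial wildcards such as "w*.domain.com" are not handled here.
        return False
    return p == h


def covered(hostname: str, sans=CLOUDFLARE_STYLE_SANS) -> bool:
    return any(name_covers(name, hostname) for name in sans)


def uncovered(hostnames, sans=CLOUDFLARE_STYLE_SANS):
    """Hostnames that would fail name validation against this SAN list."""
    return [h for h in hostnames if not covered(h, sans)]


if __name__ == "__main__":
    names = ["domain.com", "www.domain.com", "subdomain.domain.com",
             "www.subdomain.domain.com", "www-subdomain.domain.com"]
    for n in names:
        print(f"{n:28} {'ok' if covered(n) else 'NOT covered'}")
    # A dedicated wildcard one level down covers www.subdomain but not subdomain.
    print(uncovered(["www.subdomain.domain.com", "subdomain.domain.com"],
                    ["*.subdomain.domain.com"]))
```

Running it shows why the dash workaround passes (www-subdomain.domain.com is still one label under domain.com) and why a separate *.subdomain.domain.com certificate does not also cover subdomain.domain.com itself.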