I’ve been successfully using Cloudflare DNS & Origin certs along w/ Nginx to proxy sites for my domain as well as subdomains of my domain.

I recently decided I’d like to add an additional level of subdomains (for example, test.app.mydomain.com), but after configuring a DNS record for it as well as adding the correct Nginx proxy record, I receive the following error when navigating to the site:

The connection for this site is not secure

**test.app.<mydomain.com>** uses an unsupported protocol.

ERR_SSL_VERSION_OR_CIPHER_MISMATCH

Here’s what I’ve tried:

• Added the appropriate DNS record to point test.app.mydomain.com to my Cloudflare tunnel
• Created the appropriate Nginx proxy record
• Expanded my Origin cert to cover my domain, *.mydomain.com, as well as *.app.mydomain.com

My Nginx logs are not providing any useful information. Can anyone advise what else I might need to do in order to get it working?

Have a look here…

I’m using the Advanced Certificate Manager for this myself.

To confirm - it sounds like I can’t get a subdomain deeper than a single level without upgrading my plan?

Not if you want to proxy (orange-cloud) it securely (i.e. HTTPS), no. You can use the Advanced Certificate Manager for deeper subdomains.

Can I get around this by using an external certificate authority (Let’s Encrypt), or is that fact that I’ll still be using Cloudflare for DNS and tunneling still prevent me from not having to pay for additional subdomain levels?

Kind of, but in general no. If you want to use most Cloudflare features your hostname needs to be Proxied .

You need a Business or Enterprise Plan to bring your own cert for host names.

Otherwise you need a Cloudflare managed cert, and ACM is the only way to get more than one level deep in the hostname with a Cloudflare managed cert.

This topic was automatically closed 15 days after the last reply. New replies are no longer allowed.