I’m in the process of moving SSL certs from Let’s Encrypt on my Nginx box to CF’s origin issued certs.
I’ve not had any problems with top level domains, such as example.com. However, with SUBDOMAINS the certs refuse to work.
I’ve tried setting up the PEM and Key as both named subdomains (sd1.example.com), and as wildcards (*.example.com). HSTS is inactive for all the sites (“max-age=0”), I’ve cleared all data on my browsers (FF and Chrome), my nginx scripts are exactly the same. Caching on my server is disabled, and CF caching is purged. Doesn’t matter if encryption level is full or full-strict.
In one instance, I have a root level domain where the CF cert works, but the subdomain won’t work. In another instance, I do NOT have a root domain, but I only use subdomains, and the subdomains won’t work.
Error message is “invalid certificate”. If I flip back to using LE cert, site works as expected. What seems to be the problem?