I’ve seen a few posts about similar problems, but didn’t find any solutions there.
My primary domain, paulraphaelson.com, works fine with cloudflare cdn active or bypassed.
The subdomains (words.paulraphaeson.com, and a couple of others ) all resolve as expected when Cloudflare is bypassed (gray cloud). But with the CDN active they redirect to the primary domain.
These sites are hosted on the Cloudways platform, which is a little unusual compared with the hosts I’m used to. But the DNS setup seems easy enough. Every site has a separate “application” on the server, each with its own settings. You choose domains and subdomains are supposed to resolve at each application, and you’re done.
My domain registrar points my primary domain to Cloudflare’s nameservers. If there are any other options to be selected there, I don’t see what they’d be.
All my subdomains have SSL certificates associated with them (from Let’s Encrypt, provided by Cloudways). One thing I notice is that even though I’ve selected the Strict encryption policy and Always Use HTTPS, only the primary domain connects with HTTPS (unless you specifically enter that with the url). I’m not sure if this could be related.