Cloudflare for SaaS - custom hostnames and origin server

What is the name of the domain?

What is the issue you’re encountering

Can't make custom hostnames work

What are the steps to reproduce the issue?

I spent over 20 minutes typing up the issue in fine detail. Submitted, some error appeared and instantly disappeared, and I lost it all :frowning:
Because I was explaining domains, fictional, and got the message: new users can only post 4 links. Please, Cloudflare, solve this.
I'm using:

  • “saascom” for saas dot com
  • “soccercom” for soccer dot com
  • “wwwbikeshopcom”

Here we go again:

I have saas.com (fictional)

Already have an app running at saas.com and *.saascom perfectly fine.
I subscribed to CF Pro, and enabled CF for SaaS.
Pointed DNS on saascom:

  • A proxy-fallbacksaascom <ip_address> Proxied
  • CNAME mysaascom proxy-fallbacksaascom Proxied

Registered: SSL - custom hostnames

  • soccercom
  • wwwbikeshopcom

Chose HTTP validation on both, because I want to mimic customer behavior, and have them doing the least amount of steps/friction.

Both hostnames are Certificate_Status=Active and Hostname_Status=Active
Messages all green: The certificate has been successfully issued and deployed.
Certificates valid for 3 months, I expect CF to renew automatically.

The problem is, 2 questions:

  1. Am I supposed to host the certs in my server?? no, right? The origin server certificate for saascom and *saascom is enough, right? What am I missing?

  2. I registered 2 custom_hostnames because I read, SAD NEWS, customers can’t use apex/root domain?? Only in Enterprise plan?

Correct.

Correct.

Thanks, @sjr

Going further, I pointed a domain www.bikeshop.com (fictional, but you get the point, with www)
CNAME into my.saas.com and I’m getting SSL handshake failed.

What further information can I give to help debug?

This is a domain in Porkbun, and totally unrelated to CF.

All seems OK, but it’s not :confused:

### Review the status of xxxxxxxx

The certificate has been successfully issued and deployed.

  • Minimum TLS version: TLS 1.0 (default)
  • Certificate validation method: HTTP Validation
  • SSL certificate authority: Google Trust Services
  • Certificate type: Provided by Cloudflare
  • Origin server: Default origin server
  • Origin SNI value: Host header

I’d say, most likely your server is serving the wrong certificate. Check what certificate you get for the domain when you request directly from the server.

@Laudian so do I have to get those certificates and serve them?

Isn't the custom hostname certificate issue and renewal happening entirely in the CF infra?

I thought I just had to have the origin certificate for between CF and my server.

No, but you need to have a certificate for your origin.

From the error, it sounds like you’re not responding with any certificate for the custom hostname.

Check what certificate is served if you make a request directly to the server, using the custom hostname.
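
The check suggested above, as an added example that is not part of the original thread: a shell function that connects straight to the origin, sends the custom hostname as SNI, and reports which certificate (if any) comes back. The function name, the script name in the usage comment and the `203.0.113.10` address are placeholders; it assumes the `openssl` command-line tool is installed.

```shell
#!/bin/sh
# Added example: ask the origin directly which certificate it presents for a
# given SNI name, bypassing Cloudflare. Needs the openssl CLI.
# Usage: sh origin_cert.sh <origin_ip> <port> <custom_hostname>
#   e.g. sh origin_cert.sh 203.0.113.10 443 www.bikeshop.com   (placeholder IP)

origin_cert() {
  oc_origin=$1; oc_port=$2; oc_sni=$3

  # -connect targets the origin IP; -servername sets the SNI to the custom
  # hostname, so the server picks the virtual host it would pick for that name.
  oc_pem=$(openssl s_client -connect "${oc_origin}:${oc_port}" \
             -servername "$oc_sni" </dev/null 2>/dev/null |
           sed -n '/-----BEGIN CERTIFICATE-----/,/-----END CERTIFICATE-----/p')

  # No PEM block: the origin ended the handshake without a certificate
  # (or the port is unreachable).
  if [ -z "$oc_pem" ]; then
    echo "no certificate presented for SNI ${oc_sni} at ${oc_origin}:${oc_port}" >&2
    return 1
  fi

  # Identify which certificate was actually served.
  printf '%s\n' "$oc_pem" | openssl x509 -noout -subject -issuer -enddate || return 1
  # Report whether that certificate lists the SNI name.
  printf '%s\n' "$oc_pem" | openssl x509 -noout -checkhost "$oc_sni" || true
}

# Run the check only when called with the three arguments.
if [ "$#" -eq 3 ]; then
  origin_cert "$@"
fi
```

A non-zero exit with the "no certificate presented" message means the server returned no certificate for that name.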

Aaaah of course!! I just have the origin certificate for the main saas domains!

I can only try tomorrow morning now. I'll let you know the feedback, thank you so much, I think that's it!

@Laudian that was it

I forgot to handle the “default” virtual host with the origin server certificate. Thank you!!

What would you recommend to do about the apex/root domains?

I need to have the feature for root/apex domains as well. And can’t afford the enterprise plan, I’m sure.

I’m afraid I’ll have to pull away from CF to find another solution. Didn’t want to hand roll my own thing with Certbot or Caddy, etc, and some SaaS offerings do exist, but I don’t know this space well.

All this because my customers are extremely non technical, and I have to give clear instructions on what to do for the DNS.
Should I have a separate server just for serving the redirects, from root domains to the www ??

But then I’m forced to always serve on www subdomain

Damn.
