Cloudflare Origin CA certificates Full(strict) SSL/TLS

Ok, I I think I have most of what I need to know already except for 1 question. I’ll preface with the scenario:
I have freedns, 2 domains(But this question is related to 1 single domain) 1 ip address, the domain and all subdomains orange clouded and have either a or cname records and they are already working orange clouded, coming in and going out of that 1 ip on 443 https, or 80 i guess but hopefully not to much longer. So i want to get the origin cert and use full strict. Hopefully with a wildcard so i don’t have to list all the subs but anyway. So I have *.mydomain.com, www.mydomain.com, mycat.mydomain.com, etc and include them or the wildcard if that will work when getting the cert.

The question is lets say my hardware is old and under strain and just wont handle the subdomain mycat, so i put it on a different physical server and internally route requests for that subdomain to the 2nd physical server. Keeping in my that everything I said in the first paragraph still being true, would the cert work on the 2nd web server. If not can i get 2nd origin ca cert for that domain. Either way is fine but I hoped to not have to get another cert when the wildcard should cover it I would think, same domain, same port 443 on the same ip, technically a different endpoint but not really.

The reason I’m asking and being specific about the setup etc is, in all the many posts I read, every one had “your origin web server” referenced, never in plural, so I started to wonder.

I hope so, if not I would have to take the mycat subdomain and move it to mydomain2.com and get a Origin CA cert for mydomain2. Then I would have mycat.mydomain2.com. And mycat would be alone and sad.

If Cloudflare queries that IP address for that hostname, it needs to see that Origin Certificate.

You can test it like this:
curl -svo /dev/null https://example.com --connect-to ::123.123.123.123 2>&1 | egrep -v "^{.*$|^}.*$|^* http.*$"

1 Like

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.