Cloudflare Origin Certificate problem with Subdomains

Hi,

Yesterday I installed Cloudflare Origin Certificate on my wesbsite.

Everything was working fine yesterday but when I got up this morning, I noticed that one of my subdomains (crm.site.com) was not working properly and it was automatically redirected to main domain (site.com)

I thought that as I installed the CF origin Certificate yesterday and the problem could have started after that.

I went to Cpanel and looked for the installed certificates for the main domain site.com and the subdomain crm.site.com.

I noticed that the site.com had cloudflare origin server but the crm.site.com subdomain had Cpanel auto SSL.

I thought that maybe this is causing some conflict and I removed the Cpanel autossl issued certificate from the subdomain crm.site.com and hoped that this would resolve the conflict if any.

However, I found out that the issue was not resolved with this.

My next step was to install cloudflare’s origin certificate to the subdomain separately but the Cpanel returned an error that this “origin Certificate” is already installed on main domain site.com.

While I was installing CF origin Certificate yesterday, my understanding was that the CF origin certificate will be valid for the main domain and all subdomains as well like crm.site.com. However, I noticed that the CF origin certificate is not covering crm.site.com.

In panic, I decided to uninstall CF origin certificate and issue Cpanel AUtoSSL certificate but that too returned error that Cpanel cannot run auto SSL because of some missing txt records in DNS. Now I can guess that Cpanel autossl is tyring to look for some txt records in DNS and since I am using CF DNS, the text record is not there.

My question is how do we manage the origin certificate in case the main domain has a subdomain as well?

Help will be appreciated. Thanks

You may have to create an origin certificate for each hostname individually. One for example.com, one for crm.example.com, etc. Then put them in cPanel. Hopefully cPanel won’t see them as duplicates (they aren’t) and will work.