Cloudflare ssl and subdomans

Hi. Im a little confused by something. My main domain is on cloudflare. Most of the A records are proxied.
This main domain has a subdomain.
This subdomain is associated to its own domain name.

Now, cpanel SSL is giving me warning about the subdomain and its domain name.

For the subdomain, it says “The installed certificate does not cover this domain. The certificate will not renew via AutoSSL because it was not issued via AutoSSL”

For the subdomain’s domain name, it says “Domain Validated
Expires on October 27, 2021. The certificate will not renew via AutoSSL because it was not issued via AutoSSL”

In cloudflare, the DNS records have no matches for this subdomain or its domain name.

What does all this mean? Should my SSL for this subdomain and its domain name be with cloudflare or cpanel? If cloudflare, how do i add it?

Cpanel emailed me saying the subdomain ssl expires soon, and that the domain name will lose ssl coverage. I dont know how to renew this ssl for the subdomain.

Would be thankful for any help

If using AutoSSL from cPanel, to renew it (including the one which covers all of your sub-domains too), you could temporary disable (:grey:) on the DNS records or toggle Pause Cloudflare on Site option for your Website.

Usually, I knew to switch from :orange: (proxied) to :grey: (DNS-only) cloud, wait for a few minutes, then wen to cPanel and run the AutoSSL to generate a new SSL certificate.

After the process finished and completed, I switched back from :grey: (DNS-only) to :orange: cloud (proxied) and all done :slight_smile:

Just to keep a note, keep the A mail record (or some other hostname regarding your e-mail) :grey: (DNS-only) to make sure it works propperly:

Hopefully, you are using an Full (Strict) SSL option under the SSL/TLS tab of Cloudflare dashboard for your domain:

Thank you for this excellent answer. Yes I have not proxied the A record for the mail subdomain as when I proxied it, my mail stopped working !

I managed to ssl the subdomain by adding an A record to cloudflare dns so that’s sorted that.

I will unproxy / pause cloudflare and then try to use auto ssl for the domain name that points to the subdomain.

1 Like

May I just add a note, the only issue I assume it could be if using a sub-domain with it’s www prefix too, like example www.sub.yourdomain.com instead of linking to any resource from sub.yourdomain.com at your production Website :wink:

That way, you would have the issue like below stated:

This topic was automatically closed 15 days after the last reply. New replies are no longer allowed.