Hi. Im a little confused by something. My main domain is on cloudflare. Most of the A records are proxied.
This main domain has a subdomain.
This subdomain is associated to its own domain name.
Now, cpanel SSL is giving me warning about the subdomain and its domain name.
For the subdomain, it says “The installed certificate does not cover this domain. The certificate will not renew via AutoSSL because it was not issued via AutoSSL”
For the subdomain’s domain name, it says “Domain Validated
Expires on October 27, 2021. The certificate will not renew via AutoSSL because it was not issued via AutoSSL”
In cloudflare, the DNS records have no matches for this subdomain or its domain name.
What does all this mean? Should my SSL for this subdomain and its domain name be with cloudflare or cpanel? If cloudflare, how do i add it?
Cpanel emailed me saying the subdomain ssl expires soon, and that the domain name will lose ssl coverage. I dont know how to renew this ssl for the subdomain.
Would be thankful for any help
If using AutoSSL from cPanel, to renew it (including the one which covers all of your sub-domains too), you could temporary disable (
) on the DNS records or toggle
Pause Cloudflare on Site option for your Website.
Usually, I knew to switch from
(proxied) to (DNS-only) cloud, wait for a few minutes, then wen to cPanel and run the AutoSSL to generate a new SSL certificate.
After the process finished and completed, I switched back from
(DNS-only) to cloud (proxied) and all done
Just to keep a note, keep the
A mail record (or some other hostname regarding your e-mail)
(DNS-only) to make sure it works propperly:
This tutorial covers the steps you should take if, when you change your domain to point to Cloudflare, you no longer receive emails to your domain. If you follow this tutorial and still need further help, please let us know what you have tried and share your domain name and, if possible, a redacted screenshot of your DNS records in Cloudflare.
[Cloudflare Community Tutorial - Troubleshooting Email Delivery Issues]
1. Do you have the correct MX records set for your domain?
Hopefully, you are using an
Full (Strict) SSL option
under the SSL/TLS tab of Cloudflare dashboard for your domain:
Unencrypted & unverified connections
Imagine you open Paypal and suddenly get that warning
Would you continue? Probably not. For decades leaders in IT security have advocated that people upgrade their sites from unencrypted HTTP to secure HTTPS. And for a reason, everything you send via an HTTP connection is sent in plain text and can be intercepted at any point between you and the server.
Equally, you’d probably not proceed if you got such a warning, right?
That’s when th…
This tutorial covers getting SSL working with Cloudflare in various different scenarios.
This assumes you already have your website set up on Cloudflare with all your DNS records set to
, if not - please visit Step 1.
Do you want the website to use HTTPS?
YesDo you already have a valid SSL certificate installed on your server (i.e. does it already load over HTTPS with a )?
If your website already works over HTTPS, you can just set your SSL mode in Cloudflare to Full (strict)…
Thank you for this excellent answer. Yes I have not proxied the A record for the mail subdomain as when I proxied it, my mail stopped working !
I managed to ssl the subdomain by adding an A record to cloudflare dns so that’s sorted that.
I will unproxy / pause cloudflare and then try to use auto ssl for the domain name that points to the subdomain.
May I just add a note, the only issue I assume it could be if using a sub-domain with it’s www prefix too, like example
www.sub.yourdomain.com instead of linking to any resource from
sub.yourdomain.com at your production Website
That way, you would have the issue like below stated:
This tutorial covers a possible reason for the SSL_ERROR_NO_CYPHER_OVERLAP and ERR_SSL_VERSION_OR_CIPHER_MISMATCH errors (Firefox and Chrome respectively) when seen on a subdomain.
The Cloudflare universal certificates cover example.com and *.example.com. This means that it covers any subdomain one level below the domain you signed up with.
It will cover www.example.com and subdomain.example.com, as these are one level below the root domain, example.com.
The certificate will not cover www.sub…
This topic was automatically closed 15 days after the last reply. New replies are no longer allowed.