I'm trying to allow other companies to host their own subdomains that contain something our website serves to them. So, their subdomain should CNAME into our domain, [companyname].delve.co (we have *.delve.co as a wildcard domain, proxies on). We have full (strict) TLS set up, but seem to get SSL errors, even if the domain the redirect comes from is a Cloudflare hosted domain.
What steps have you taken to resolve the issue?
Tried different TLS modes (full, strict)
Reconfigured my Cloudflare worker setup to make sure all routes are handled.
When I bring my TLS to “flexible” (I can't keep it here, because CORS restrictions in my app break my app), I can get to a Vercel domain (which should not be the case; for some reason the DNS request is not being caught by a Cloudflare worker).
The flow should be:
[companyDomain] → [companyName].delve.co (through CNAME) → Worker catches this → Serves the client through a certain path we have on our website.
Yet, the first hop isn't happening correctly. If I go to the second point, the worker works correctly.
If I add Custom Hostnames, will the 525 error be fixed, or do I need to change something else about my setup? Also, why do I get a 525 in the first place here, given that the setup doesn’t have any part without SSL?
The fallback origin is already covered by a certificate. The domain I am testing on is on the same Cloudflare account, and has a certificate for that domain. Both of them (the testing one and the one I test on) have Total TLS enabled with valid certificates issued. I also added the relevant TXT record.
The 525 you see is because your server doesn’t have a certificate for the domain. However, when the custom hostname is active, your server only needs to have a certificate for the Fallback Origin I believe.
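The reply above ties the 525 to the origin having no certificate for the requested hostname. As an added example (not from the thread), this Python check applies the standard one-label wildcard rule to a certificate's DNS SAN list; the SAN list and the customer hostname are constructed assumptions.

```python
# Added example: does a certificate's DNS SAN list cover a hostname?
# Implements the common RFC 6125 rule: "*" may only be the entire
# left-most label and stands for exactly one label.

# Constructed sample data (assumptions, not taken from the thread):
ORIGIN_SANS = ["delve.co", "*.delve.co"]          # SANs on the origin cert
CUSTOMER_HOST = "portal.acme-customer.example"    # a customer's own hostname


def _labels(name: str) -> list[str]:
    """Lower-case a DNS name, drop a trailing dot, split into labels."""
    return name.lower().rstrip(".").split(".")


def san_matches(hostname: str, san: str) -> bool:
    """Return True if a single SAN entry covers hostname."""
    host, pattern = _labels(hostname), _labels(san)
    if len(host) != len(pattern) or "" in host:
        return False  # a wildcard never spans more or fewer labels
    if pattern[0] == "*":
        # Require at least two fixed labels so "*.co" style entries never match.
        return len(pattern) > 2 and host[1:] == pattern[1:]
    return host == pattern


def covering_sans(hostname: str, sans: list[str]) -> list[str]:
    """Return the SAN entries that cover hostname (empty list = not covered)."""
    return [s for s in sans if san_matches(hostname, s)]


if __name__ == "__main__":
    for name in ("acme.delve.co", "delve.co", "a.b.delve.co", CUSTOMER_HOST):
        hits = covering_sans(name, ORIGIN_SANS)
        print(f"{name:32} covered by {hits if hits else 'nothing'}")
```

A hostname that no SAN covers is one the origin cannot present a matching certificate for when it is sent as the TLS server name.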