I do have an email into the support email, ticket number 2443013, but it appears I may get help a little quicker here from what I’ve read?
I have a CNAME record pointing to the root domain which will not propagate as a CNAME, but will resolve as an A record.
The CNAME flattening option on my dashboard is greyed out.
This domain is hosted on Cloudways, and was momentarily activated via that platform and then deactivated as a free account is all it needs for now. I believe this may be related to this issue.
Please let me know if there’s any other info I can provide that would help resolve this.
You cannot have a CNAME at the root of a domain, so Cloudflare will always flatten the root to make it comply with DNS standards.
Thanks, it does appear that is correct. I guess what the issue is, or rather what this seems to be causing, is that anyone trying to go to the CNAME via HTTPS is being encountered with an error for a SSL certificate mis-match instead of being pushed to the root and getting the proper certificate.
So maybe this is actually a SSL issue?
I have several other domains set up the same way through Cloudflare and don’t have any certificate issue with going to the CNAME’s pointed at the root.
You are talking about two different protocol layers here, and they don’t care about each other (at least, they don’t care too much).
You can ignore the CNAME vs A record, it will not be relevant.
Your users are visiting
example.com, that’s what is in the address bar and what the SSL certificate needs to match. Is the DNS record for
example.com or on the dashboard? Exactly what error do they get? Is is a browser error, or a Cloudflare 52x error?
The root (example.com) domain is proxied on the dashboard, as is the CNAME for www.
The error that’s being received is SSL_ERROR_BAD_CERT_DOMAIN.
Early on, the non-https version of the www would also give a certificate error, but that was resolved by setting up a redirect (as below). I don’t believe this is the proper way of resolving the issue. Nor have I had to do this on any other domains with a www CNAME in place.
Forwarding URL (Status Code: 301 - Permanent Redirect, Url: https://example.com/$2)
Is this on a proxied record?
Yes, the record is proxied.
So this does appear to be an issue with the SSL certificate. Despite the dashboard showing an edge certificate for “*.example.com, example.com” the actual certificate itself is showing only the root domain and not the wildcard.
I don’t seem to have any option available to recreate the certificate, however. So I’m not sure how to fix it.
This topic was automatically closed 3 days after the last reply. New replies are no longer allowed.