Cname ssl not propagating

new domain
https://workshopmexico.com/
added as an App to Cloudways server with Wordpress
added Nameservers at Godaddy for Cloudflare redirection
added A record 68.183.198.79 to point to Cloudways
waited 48 hours

added CNAME info at Cloudflare to activate Lets Encrypt SSL certificate using 3 CNAME records:

_acme-challenge
wordpress-578318-2704517.cloudwaysapps.com

_domainconnect
_domainconnect.gd.domaincontrol.com

www
workshopmexico.com

waited 48 hours

now when i check A record propagation on whatsmydns.net it is OK
BUT
when i check CNAME record propagation on whatsmydns.net it is NOT OK ???

Please advise how to confirm SSL is up and running, thanks!

The records are all in place, however they are proxied and hence not CNAME records.

If you need a CNAME record, unproxy them.

You should also check your encryption mode, as you seemingly have an insecure setting. It should be Full Strict.

You should also fix your server certificate.

ok, i have unproxied them and made it full strict
how do i fix the server cert?

also, the www record now gives a warning:
This record exposes the IP behind workshopmexico.com which you have proxied through Cloudflare. To fix this, change its proxy status.

For the server certificate you simply need to get a proper certificate. Your host should actually handle that, respectively isn’t that what you are trying to do with the challenge record?

As for the message, sure, if you unproxy these records will resolve directly to the configured addresses but that’s what you need after all. You can probably keep the www record proxied.

You can also check out Cloudflare’s Origin certificates.

Thanks! the server cert is Lets Encrypt and free so thats enough for the moment,
should i therefore switch to Full instead of Full (strict)?

but the Cloudflare Origin cert sounds good, between CF and my server, right?
how do i set that up?

No, it should be Full Strict.

Sure.

Just follow the documentation on that.

This topic was automatically closed 3 days after the last reply. New replies are no longer allowed.