Custom 4th-level subdomain not working for workers

I have a worker and a domain which has been managed on Cloudflare. The 3rd-level subdomain like “a.domain.com” worked well and the webpage of the work could be shown up correctly. But when I tried to use a 4th-level subdomain like “b.a.domain.com”, it didn’t work and the browser returned a message like:

An error occurred during a connection to b.a.domain.com. Cannot communicate securely with peer: no common encryption algorithm(s).

Error code: SSL_ERROR_NO_CYPHER_OVERLAP

The route of my worker has set to “b.a.domain.com/*” and there has been a DNS CNAME record “b.a” to “myworker.workers.dev”. The proxy status may not affect the result because I had tried DNS proxied and DNS only but both of them didn’t work.

What’s wrong with my settings, or if workers don’t support 4th-level subdomains? Thank you for any reply!

Workers do support 4th level domains but you need a valid SSL certificate.

The free Universal SSL certificate only covers example.com and *.example.com.

If you need to cover a 4th level, you would have to purchase Advanced Certificate Manager and order a certificate for *.sub.example.com.

3 Likes

Thanks for your early reply! But I wonder if I must purchase Cloudflare’s SSL certificates. I heard certbot could get free SSL certificates for domains managed by Cloudflare. Can I use it to save my money?

You must have a certificate loaded on Cloudflares edge.

The easiest solution if to drop the number of levels in your namespace, which will be covered by the standard Universal SSL certificates. Personally, I don’t see the need for multiple levels of DNS within a single domain. I use www-dev.example.com instead of www.dev.example.com.

If you are on a Business or Enterprise plan, you can upload a Custom SSL certificate, which could be a free Let’s Encrypt certificate. But Business plans run at USD200 a month, so this is probably not a viable solution for you.

If you don’t want to use a single level of subdomain, and don’t have a Business or Enterprise plan, then ACM is the only option.

1 Like

Also, ACM costs $10/month but the SSL certificates themselves are “free”, meaning you won’t pay more if you generate 25 certificates compared to if you generate 3.

You are right. Actually I don’t need to use “b.a.domain.com”. I didn’t consider “b-a.domain.com” at first because I thought a hyphen may slow down the speed of typing the URL. And I’ll give ACM a try. Thanks again!

I’ll give ACM a try. Thanks again!

This topic was automatically closed 3 days after the last reply. New replies are no longer allowed.