I am currently prototyping a project for my company using Cloudflare SSL for SaaS, but I encountered an issue. We offer hosted websites to our customers, and we would like to try Cloudflare SSL for SaaS to protect them with TLS. Those websites can be branded (i.e. have a custom domain like
So here is the setup I have:
I have my company DNS set up in Cloudflare as follows (using that doc):
- Proxied A record proxy-fallback.mycompany.com to point to our internal
- (Not proxied) CNAME record *.customers.mycompany.com to point to
- I have enabled SSL for SaaS, and set up proxy-fallback.mycompany.com as my origin. Also created a custom domain as custom.awesomecustomer.com. This domain has been verified and the SSL certificate has been issued and is valid
Now my “fake” customer domain is set up like that in another registrar (Google Domains):
custom.awesomecustomer.com to point to
What’s happening now is interesting:
nslookup custom.awesomecustomer.com resolves to the origin IP instead of the proxy IP.
If instead I change the customer’s CNAME record to point to proxy-fallback.mycompany.com, everything works fine (i.e. nslookup custom.awesomecustomer.com resolves to the proxy IP).
Do you have any idea what I could have done wrong here?
Thanks in advance