Background:
My CF account was set up originally via Siteground as a partner. But then I read an article asserting that DNSSEC was required to fully secure one’s domain. Siteground doesn’t offer DNSSEC, but Namecheap (my registrar) does.
I restructured my CF free account as follows:
following this post:
1 Deactivated my Cloudflare account via Siteground and deleted the website in CF.
2 Started over with my same CF account, pointing my Namecheap-registered domain to Cloudflare’s servers
3 Added root domain to CF & enabled DNSSEC, following this tutorial: https://www.namecheap.com/support/knowledgebase/article.aspx/9722/2232/managing-dnssec-for-domains-pointed-to-custom-dns
CF automagically brought over (from Siteground?) several TXT files of acme-challenge, DKIM/domain key, and SPF/DMARC records for the main domain, but none for the subdomains.
I’ve tried adding the subdomains using A records, CNAME records, and combinations, none of which has worked.
I have searched the community, watched videos, and read all I can find about subdomain DNS records.
4 Latest configuration: I added DNS records for
smarterjoy.com
courses.smarterjoy.com
pages.smarterjoy.com
resources.smarterjoy.com
tmfiles.smarterjoy.com
It didn’t work (more below)
5 Checked my .htaccess file, removed allow,deny commands; removed force https; confirmed CF SSL is set to Full
6 Checked root domain according to this
The analysis at http://dnsviz.net/ matches the “Example without DNSSEC” in the linked post, even though Cloudflare says “Success! smarterjoy.com is protected with DNSSEC”
This article says I must add DNSSEC to each subdomain:
But it appears this is impossible if registered at Namecheap & hosted at Siteground?
After spending 3 days trying to make this work, I found an article that argues against implementing DNSSEC in the first place:
https://sockpuppet.org/blog/2015/01/15/against-dnssec/
Current Results:
Smarter Joy appears to work
courses subdomain redirects to root
pages subdomain - white screen of death
resources subdomain - white screen of death
tmfiles subdomain - “can’t provide a secure connection, uses an unsupported protocol”
I’ve also cleared my browser cache and flushed CF cache multiple times.
I am beyond frustrated. Should I go back to my original configuration? (DNS pointed to SG, add root & subdomains via the SG cPanel?).
Any insight or assistance would be appreciated.
Thanks!
Morgan