Domain appears multiple times

Hello,

I have a question that may have been answered and I just haven’t figured out the right term, if so feel free to direct me. If not, here’s my question:

  1. I’m fairly new to Cloudflare and am taking over an account that was created by someone else. I see something that looks odd to me under my Edge Certificates tab. I have 5 hosts entries all of which contain a duplicate found in another entry, for example let’s say my domain is bar.com, my entries look like:

| Hosts | Type | Status | Expires on |
|---|---|---|---|
| bar,com, survey,bar,com | Advanced | Active | 2022-01-01 |
| *,sso,bar,com, sso,bar,com, *,bar,com, bar,com | Advanced | Active | 2022-01-02 |
| test,bar,com, bar,com, www,test,bar,com | Advanced | Active | 2022-01-01 |
| *,status,bar,com, *,bar,com, bar,com | Advanced | Active | 2022-01-01 |
| *,bar,com, bar,com | Advanced | Active | 2022-01-01 |

As you can see, bar.com appears in every hosts entry and *.bar.com appears in most hosts entries. It seems like there’s overlap here. If I try to relate this to certificates with alias it would seem to me that every certificate I have includes as an alias bar.com and most have an alias as *,bar,com. I’m trying to think what the overlap may result in. I don’t see what if any value there would be to have such overlap, I would think that a single entry with bar.com and *,bar,com would suffice for my needs and the other entries, such as survey,bar,com should stand well on its own. My expectation is that Cloudflare would perform lazy evaluation so the first URL that matches a cert CN will send that cert and the URL that matches the DNS proxy entry will serve the content, which is why Cloudflare doesn’t bind a cert with a specific proxy.

  2. Basically my question is, should I avoid having hosts with overlapping certificate CNs? Or is Cloudflare robust enough that I can have 100 hosts entries and each of them can contain bar,com and *,bar,com as well as any other CNs that I want?

Thanks
-Bob

PS sorry about the weirdness, I was getting an error that only 4 links were allowed so I used commas instead of periods in my domains.

ACM (Advanced Certificate Manager) seems to include the apex domain in every cert it issues. Not a big deal. Cloudflare knows how to prioritize and deliver the right certificate for the connection.

Some certs look to have redundant subdomains, but I don’t believe it’s a problem, as I mentioned. At some point, you might want to be a little more organized, but if nothing’s broken, don’t worry about it.

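For anyone tidying up a similar account, here is an added example (not part of the thread and not Cloudflare code) that inventories the five host lists from the question and reports which certificates are fully covered by the others and which entries only one certificate provides. The pack names are hypothetical, the hostnames are the question's with periods restored, and matching uses the standard rule that a wildcard covers exactly one left-most label; it says nothing about how Cloudflare chooses a certificate at the edge.

```python
# Added example: the five host lists from the question, periods restored.
# Pack names are hypothetical labels. Wildcard rule assumed: "*" stands for
# exactly one left-most label (standard X.509 hostname matching).
PACKS = {
    "pack1": ["bar.com", "survey.bar.com"],
    "pack2": ["*.sso.bar.com", "sso.bar.com", "*.bar.com", "bar.com"],
    "pack3": ["test.bar.com", "bar.com", "www.test.bar.com"],
    "pack4": ["*.status.bar.com", "*.bar.com", "bar.com"],
    "pack5": ["*.bar.com", "bar.com"],
}


def covers(san, name):
    """True if certificate entry `san` is valid for `name` (a host or a wildcard entry)."""
    san, name = san.lower(), name.lower()
    if san == name:
        return True
    if not san.startswith("*.") or name.startswith("*."):
        return False  # a wildcard entry is only covered by the identical wildcard
    # "*.bar.com" matches "x.bar.com" but not "bar.com" or "a.b.bar.com".
    head, _, parent = name.partition(".")
    return bool(head) and parent == san[2:]


def covered_by(name, packs):
    """Sorted names of the packs that contain an entry covering `name`."""
    return sorted(p for p, sans in packs.items()
                  if any(covers(s, name) for s in sans))


def redundant_packs(packs):
    """Packs whose every entry is also covered by some other pack."""
    out = []
    for pack, sans in packs.items():
        others = {p: s for p, s in packs.items() if p != pack}
        if all(covered_by(s, others) for s in sans):
            out.append(pack)
    return sorted(out)


def unique_entries(packs):
    """Per pack, the entries that no other pack covers."""
    return {p: [s for s in sans if covered_by(s, packs) == [p]]
            for p, sans in packs.items()}


if __name__ == "__main__":
    print("redundant:", redundant_packs(PACKS))
    print("unique:", unique_entries(PACKS))
```

Each pack in the redundant list is judged on its own against all the others, so re-run the check after removing one before removing the next.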