Answer these questions to help the Community help you with Security questions.
What is the domain name?
Describe the issue you are having:
I wanted to enable the proxy for my domain records www.gd.edu.kg and gd.edu.kg, but it said “This hostname is not covered by a certificate.” for both of them. Seems Cloudflare system treat .edu.kg domain as a third-level domain. But it is actually a second-level domain:
What error message or number are you receiving?
This hostname is not covered by a certificate.
There are no nameservers set for that domain. I can see in Whois that you had two listed:
These have reverted in the last few minutes to:
But the global DNS has nothing. Until you update the nameservers at your Registrar the domain will not be active on Cloudflare, and no certificates can be issued by Cloudflare.
~# dig ns gd.edu.kg @ns.kg
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NXDOMAIN,
Seems the .kg registrar is very slow to delegate the nameserver. They says it needs 24 - 72 hours. I will follow up once the record works.
The delegation is working now.
The issue of SSL happens. Seems Cloudflare treat .edu.kg as a third-level domain, because when I open the link
https://gd.edu.kg/, it says the following:
This site can’t provide a secure connection
gd.edu.kg uses an unsupported protocol.
Seems the Universal SSL does not work.
If you were able to add it as a Cloudflare zone, then it doesn’t, or if you are on Enterprise and added it anyway, then it should still be able to issue you a Universal SSL Cert covering your apex.
In your Cloudflare Dashboard, in your website/zone settings for
gd.edu.kg, if you navigate to SSL/TLS → Edge Certificates, do you see a Universal Cert listed under Edge Certificates? If not, scroll down further and make sure Universal SSL is enabled.
Magic Link to that section: https://dash.cloudflare.com/?to=/:account/:zone/ssl-tls/edge-certificates
If you do see, it what status is it under?
It looks like you do have a certificate covering your www subdomain: https://www.gd.edu.kg/
Thanks for your reply. It is working right now. I think it is just a time issue. Cloudflare does support .edu.kg as a second-level domain.
Cloudflare uses the Public Suffix List, and in most situations you must add a domain that is eTLD+1.
Right now I only see one valid cert for that domain, and it covers both
gd.edu.kg, but it can take the CT log search a while to catch up with newly issued certificates.
This topic was automatically closed 3 days after the last reply. New replies are no longer allowed.