.edu.kg domain support

Website, Application, Performance Security
1

Answer these questions to help the Community help you with Security questions.

What is the domain name?

gd.edu.kg

Describe the issue you are having:

I wanted to enable the proxy for my domain records www.gd.edu.kg and gd.edu.kg, but it said “This hostname is not covered by a certificate.” for both of them. Seems Cloudflare system treat .edu.kg domain as a third-level domain. But it is actually a second-level domain: https://en.wikipedia.org/wiki/.kg.

What error message or number are you receiving?

This hostname is not covered by a certificate.

2

There are no nameservers set for that domain. I can see in Whois that you had two listed:

HARMONY.NS.CLOUDFLARE.COM
JOSH.NS.CLOUDFLARE.COM

These have reverted in the last few minutes to:

NS1.JUSTHOST.RU
NS2.JUSTHOST.RU

But the global DNS has nothing. Until you update the nameservers at your Registrar the domain will not be active on Cloudflare, and no certificates can be issued by Cloudflare.

~# dig ns gd.edu.kg @ns.kg
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NXDOMAIN,
3

Seems the .kg registrar is very slow to delegate the nameserver. They says it needs 24 - 72 hours. I will follow up once the record works.

4

The delegation is working now.

The issue of SSL happens. Seems Cloudflare treat .edu.kg as a third-level domain, because when I open the link https://gd.edu.kg/, it says the following:

This site can’t provide a secure connection

gd.edu.kg uses an unsupported protocol.

ERR_SSL_VERSION_OR_CIPHER_MISMATCH

Seems the Universal SSL does not work.

5

If you were able to add it as a Cloudflare zone, then it doesn’t, or if you are on Enterprise and added it anyway, then it should still be able to issue you a Universal SSL Cert covering your apex.

In your Cloudflare Dashboard, in your website/zone settings for gd.edu.kg, if you navigate to SSL/TLS → Edge Certificates, do you see a Universal Cert listed under Edge Certificates? If not, scroll down further and make sure Universal SSL is enabled.
Magic Link to that section: https://dash.cloudflare.com/?to=/:account/:zone/ssl-tls/edge-certificates

If you do see, it what status is it under?

It looks like you do have a certificate covering your www subdomain: https://www.gd.edu.kg/

6

Thanks for your reply. It is working right now. I think it is just a time issue. Cloudflare does support .edu.kg as a second-level domain.

1 Like
7

Cloudflare uses the Public Suffix List, and in most situations you must add a domain that is eTLD+1.

Right now I only see one valid cert for that domain, and it covers both *.gd.edu.kg and gd.edu.kg, but it can take the CT log search a while to catch up with newly issued certificates.

https://api.certspotter.com/v1/issuances?domain=gd.edu.kg&expand=dns_names&expand=issuer&expand=revocation&expand=problem_reporting&expand=cert_der

3 Likes
8

This topic was automatically closed 3 days after the last reply. New replies are no longer allowed.