How to enable 3rd party subdomain with SSL?

#1

Hi

I’m trying to enable https on a subdomain but running into issues.

I’ve my images hosted on Zenfolio.com (similar to Smugmug etc.) and they display via a subdomain on my site, i.e. gallery.mysite.com.

Currently the images are showing as http. I read on https://andwhatithink.com/how-to-enable-https-on-your-custom-domain-setup-with-smugmug-and-your-personal-cloudflare-accounts-6063e9746b94 that enabling SSL with CloudFlare was possible.

I’ve tried the same, it works for a few minutes, then gives various errors.

Flexible SSL from CloudFlare is currently working on www.mysite.com

However, for gallery.mysite.com, when I enable DNS & HTTP proxy (orange cloud) on the subdomain gallery.mysite.com things go amiss.

Initially all images show as https (green padlock etc) then they show error “Invalid URL” after a few minutes.

I’ve written the following page rules

http://gallery.mysite.com/ Always Use HTTPS - the url then redirects to the https url but I get the error invalid url again

I’ve tried adding https://gallery.mysite.com/$1 but get the same issue.

“too many indirect loops”

I’ve also written page rules to allow strict and full SSL but the same issue.

I feel like I’m missing something here as for the first few minutes everything works, then errors.

Any help would be greatly appreciated as I’m a bit lost on this


#2

If you want everything in your domain (and subdomains) to be served as SSL, you don’t need a special rule. Go to Cloudflare’s Crypto tab and turn on “Always Use HTTPS”.

As for Page Rules in general, keep in mind they’re executed in order. Once it finds a matching page rule, it executes, then stops and doesn’t hit the other page rules…unless the executed page rule is a redirect that will generate a new request.

For those who didn’t read the tutorial link above, the catch is that SmugMug uses Cloudflare, which creates a bizarre Cloudflare-to-Cloudflare loop for those unaware.
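The first-match behaviour described in the reply above, as an added sketch that is not part of the original thread and not Cloudflare's code: it models an ordered rule list with simplified `*` wildcard matching, treats the HTTPS redirect as a new request that is evaluated again, and reports rules that can never win. The rule list and setting labels are constructed for illustration.

```python
from fnmatch import fnmatchcase

# Constructed rule list modelled on this thread; setting labels are illustrative.
# Order matters: index 0 is evaluated first.
RULES = [
    ("http://gallery.mysite.com/*", "always_use_https", True),
    ("*gallery.mysite.com/*", "ssl", "full"),
    ("https://gallery.mysite.com/*", "ssl", "strict"),  # shadowed by index 1
]

def first_match(url, rules):
    """Return (index, rule) for the first pattern that matches url, else None."""
    for i, rule in enumerate(rules):
        if fnmatchcase(url, rule[0]):
            return i, rule
    return None

def trace(url, rules, max_hops=5):
    """List (url, winning rule index) per request; a redirect starts a new one."""
    hops = []
    for _ in range(max_hops):
        hit = first_match(url, rules)
        if hit is None:
            hops.append((url, None))
            return hops
        idx, (_pattern, setting, _value) = hit
        hops.append((url, idx))
        if setting == "always_use_https" and url.startswith("http://"):
            url = "https://" + url[len("http://"):]  # redirect -> new request
            continue
        return hops  # non-redirect rule applied; evaluation stops here
    raise RuntimeError("redirect loop: gave up after %d hops" % max_hops)

def shadowed(rules, sample_urls):
    """Indexes of rules that never win for any of the sample URLs."""
    winners = set()
    for url in sample_urls:
        hit = first_match(url, rules)
        if hit is not None:
            winners.add(hit[0])
    return [i for i in range(len(rules)) if i not in winners]

if __name__ == "__main__":
    urls = ["http://gallery.mysite.com/img/a.jpg",
            "https://gallery.mysite.com/img/a.jpg"]
    for hop in trace(urls[0], RULES):
        print(hop)
    print("rules that never fire:", shadowed(RULES, urls))
```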


#3

If I turn on “Always use https” I get the “Invalid URL” for images served from gallery.mysite.com if the orange cloud is turned on in DNS settings. If the orange cloud is not on, then nothing changes on gallery.mysite.com

Update: cleared cache. This actually seems to be working now!! Thank you so much! I hope it holds.

I spoke too soon. I’m back to “Your connection is not secure” on all gallery.mysite.com URLs.


#4

Are you trying to hotlink to images at your subdomain that points to Zenfolio? From these instructions:
http://www.zenfolio.com/us/z/help/support-center#/customer/en/portal/articles/407986-a-record-cname

It looks like a weird setup. They want an A record to point to a specific IP address, then a CNAME to point to a specific subdomain. Then your site needs to start with ‘www’ to be able to use this setup.

It could very well be that all you need is an A record for your subdomain to point to their IP address:
http://www.zenfolio.com/us/z/help/support-center#/customer/en/portal/articles/407799-a-record-cname-on-godaddy

And then you’ll need Flexible (maybe even Full/not strict will work if they support SSL) for your subdomain.


#5

Thank you for your insight.

I use Zenfolio to host my images that display on [redacted]. I set up the custom domain name via Zenfolio so my images show as [redacted]. The image urls are equivalent to [redacted] etc.

I have set up the Zenfolio CNAME record on CF for the subdomain gallery.example.com to “custom.zenfolio.com”. It will not allow me to enter an A name, with “A CNAME already exists with that host” coming up.

So everything is working, and has been for several years like this. I never rerouted DNS or HTTP for my subdomains through cloudflare. I do use cloudflare for www.mysite.com. I have https via cloudflare working on several pages that have images self hosted (shared hosting). This is what I am trying to do now with the sub domain so my whole site can be https.

I’ve tried flexible SSL for the subdomain but still the same issue. All gallery.mysite.com images start out redirecting to https with green padlock etc. Then about 15 minutes later I get “invalid URL”.

Right now: I have enabled DNS/HTTP on Cloudflare (orange cloud), and used Cloudflare’s Crypto tab to turn on “Always Use HTTPS”.

When I do this on Chrome, the page loads as https but the image does not show. On other browsers the https shows as not secure.

If I go directly to the image https://gallery.mysite.com/img/s2/v58/p1892141452-2.jpg Chrome tells me “Your connection is not private” and there’s an error message stating “NET::ERR_CERT_COMMON_NAME_INVALID”.
In advanced (Chrome) it says “This server could not prove that it is gallery.mysite.com; its security certificate is from a248.e.akamai.net. This may be caused by a misconfiguration or an attacker intercepting your connection.”

I’ve tried flexible, full and strict SSL but all seem to come back with the same as above.

Hmmm. The fact that the images show up as https for a short time gives me hope. But, other than that I’m lost …

  • Not sure if this helps, but when the SSL does work at the start, the browser’s advanced settings show me the *cloudflaressl.com cert.

  • In another small update, I turned all options off for the subdomain once the images started showing as unsecure. Within minutes they show as secure. Presumably as DNS propagates. Just makes me think there’s one thing I’m missing in the settings somewhere that’s blocking this from working properly.

  • One more update: the https image URLs are coming back with “The requested URL “http://%5bNo%20Host%5d/img/s6/v142/p2139561915-2.jpg”, is invalid.”
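The NET::ERR_CERT_COMMON_NAME_INVALID error quoted in the post above means the certificate the browser received does not list the hostname it asked for. As an added example (not part of the original thread), this check applies the RFC 6125 wildcard rules to two name lists; both lists are constructed, with only `a248.e.akamai.net` taken from the error text above.

```python
def name_matches(hostname, cert_name):
    """RFC 6125-style match: '*' is valid only as the whole left-most label
    and stands for exactly one label."""
    host = hostname.lower().rstrip(".").split(".")
    name = cert_name.lower().rstrip(".").split(".")
    if len(host) != len(name):
        return False
    if name[0] == "*":
        # Require at least two fixed labels after the wildcard.
        return len(name) > 2 and host[1:] == name[1:]
    return host == name

def covering_names(hostname, cert_names):
    """Certificate names that cover hostname; an empty list is a mismatch."""
    return [n for n in cert_names if name_matches(hostname, n)]

def diagnose(hostname, cert_names):
    hits = covering_names(hostname, cert_names)
    if hits:
        return "ok: %s is covered by %s" % (hostname, hits[0])
    return "mismatch: %s not in %s" % (hostname, ", ".join(cert_names))

# Constructed: names an edge certificate issued for the zone might carry.
EDGE_CERT = ["sni.cloudflaressl.com", "mysite.com", "*.mysite.com"]
# Constructed, except a248.e.akamai.net which is the name in the browser error.
THIRD_PARTY_CERT = ["a248.e.akamai.net", "*.akamaihd.net"]

if __name__ == "__main__":
    host = "gallery.mysite.com"
    print(diagnose(host, EDGE_CERT))         # padlock case
    print(diagnose(host, THIRD_PARTY_CERT))  # browser error case
    # A wildcard covers one label only, so a deeper name is not covered.
    print(diagnose("img.gallery.mysite.com", EDGE_CERT))
```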


#6

Did you get this set up DTtheme?
I’m trying to set up my subdomain with zenfolio. I’ve just started cloudflare on my site again, I remember this is the reason I turned it off last time.


#7

Sorry for the late reply, I only saw it when I logged in.

Zenfolio announced they’ll be enabling SSL in July this year. http://www.zenfolio.com/us/z/help/support-center#/customer/en/portal/articles/2930787-zenfolio-sites-moving-from-http-to-https-