HTTPS DNS records should not be added for subdomains that do not support HTTPS

Website, Application, Performance DNS & Network
1

My multi-level domain won’t open in Chrome.

  1. Add a multi-level domain name: a.b.c.renfei.net
  2. Enable Cloudflare proxy.
  3. Access using Chrome.

The multi-level domain name does not have an SSL certificate, but I want to use http access.

WX20231016-170732
WX20231016-1707321448×699 69.2 KB

Chrome will force redirect to https.

Because of Chrome feature: Chrome Platform Status

Query the HTTPS DNS records of multi-level domain names:

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;a.b.c.renfei.net.		IN	HTTPS

;; ANSWER SECTION:
a.b.c.renfei.net.	300	IN	HTTPS	1 . alpn="h3,h2" ipv4hint=104.21.16.38,172.67.166.21 ipv6hint=2606:4700:3033::6815:1026,2606:4700:3035::ac43:a615

Why do multi-level domain names that do not support HTTPS have HTTPS records?

2 Likes
4

Hello renfei

When you enable Cloudflare proxy for your multi-level domain name, Cloudflare automatically creates an HTTPS DNS record even if your subdomain doesn’t support HTTPS. This is because Cloudflare secures communication between users and your domain using HTTPS by default for proxied domains.

If you want to use only HTTP, you need to disable the Cloudflare proxy and make sure your website server is not redirecting HTTP to HTTPS. This way, the HTTPS DNS record will not be applicable and Cloudflare will route traffic directly to your server, effectively not enforcing HTTPS.

Regards

2 Likes
5

This topic was automatically closed 15 days after the last reply. New replies are no longer allowed.