I use paid Custom Hostnames feature without success

Hey, I followed this article (https://developers.cloudflare.com/cloudflare-for-platforms/cloudflare-for-saas/start/getting-started/) in order to set up “Standard Cloudflare for SaaS configuration” (https://developers.cloudflare.com/cloudflare-for-platforms/cloudflare-for-saas/#standard-cloudflare-for-saas-configuration).
The SSL is still not working for me for custom hostname. I will explain what
The domain on Cloudflare is example.com
The Custom Hostname: www.site.com

On the DNS manager of example.com:

  1. A record (proxied) | host: proxy-fallback.example.com | point to: (IP of my server)
  2. CNAME record (not proxied) | host: *.sites.example.com | point to: proxy-fallback.example.com

On the SSL/TLS Custom Hostnames page I have this info:

  1. Fallback Origin status: Active
  2. Certificate status: Active
  3. Hostname status: Active
  4. The Fallback Origin: proxy-fallback.thedevelopmentserver.com

On the DNS manager of site.com (GoDaddy):

  1. CNAME record | host: www.site.com | point to: test.sites.example.com

By the guide I should go to www.site.com and to have a valid SSL pointing to (proxied).
Actual results: SSL is not valid and signed for “localhost”.

Issued to / Issued by:
Common Name (CN)	localhost
Organization (O)	localhost
Organizational Unit (OU)	localhost

What I’m doing wrong please?

Hello @llioor ,

Can you enable proxy for the follow record?

CNAME record (not proxied) | host: *.sites.example.com | point to: proxy-fallback.example.com

OMG, can’t believe it was a distance of one click from me!
Thank you very much, it is working!

Please update your docs:

  • A proxied A, AAAA, or CNAME record pointing to the IP address of your fallback origin (where Cloudflare will send custom hostname traffic).
  • A CNAME record that points your CNAME target to your fallback origin (can be a wildcard such as *.customers.saasprovider.com).

We can see that we use “proxied” keyword on the A record but not in the CNAME record.

This topic was automatically closed 3 days after the last reply. New replies are no longer allowed.