Invalid SSL Certificate for custom hostnames

I’ve enabled Custom Hostnames for my domain, and added a fallback domain which works correctly when accessed. When I add a new custom domain, and then point that custom domain to my main domain via a CNAME record, I get an “Invalid SSL Certificate” error when accessing the custom domain.

Any ideas what could be causing this? I’ve attached screenshots of the setup.

Does the SSL certificate on your server cover the hostname you are trying to access?

2 Likes

Hi. Yes, it was issued by LetsEncrypt and includes wildcards.

And it covers your customer’s hostname, not just yours?

1 Like

As far as I can tell, yes. Is there a way to confirm this 100%?

You could look at the SAN field in the certificate. You can see an example in this offsite article.

2 Likes

You can use the following command if you have curl available (download if not): curl -v https://customerdomain.com --connect-to ::actual-server-ip.

This will use your customer’s hostname but bypass the Cloudflare proxy to see the certificate that is actually served to Cloudflare.
Just replace customerdomain.com and actual-server-ip.

2 Likes
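The two checks suggested above (read the SAN field, and connect to the origin IP while sending the customer's hostname) can be done in one small script. This is an added example, not code from the thread or from Cloudflare: it connects straight to the origin with SNI set to the customer's hostname, exactly like the curl --connect-to trick, then compares the certificate's SAN entries against that hostname with the single-label wildcard rule browsers use. The origin IP 203.0.113.10 and the SAN list in the offline demo are constructed placeholders.

```python
"""Does the origin's certificate cover a customer's hostname?

Added example (not from the thread above). Usage:
    python3 check_origin_san.py 203.0.113.10 customerdomain.com
With no arguments it runs an offline demo on a constructed SAN list.
"""
import socket
import ssl
import sys
from typing import Dict, Iterable, List


def san_dns_names(peercert: Dict) -> List[str]:
    """Return the DNS entries of the dict that SSLSocket.getpeercert() gives."""
    return [value for kind, value in peercert.get("subjectAltName", ()) if kind == "DNS"]


def san_covers(hostname: str, san_names: Iterable[str]) -> bool:
    """True if any SAN entry matches hostname.

    Rules: case-insensitive exact match, or a wildcard that stands for
    exactly one left-most label. '*.example.com' covers 'app.example.com'
    but not 'example.com', not 'a.b.example.com', and never another domain
    such as 'customerdomain.com' (the situation in this thread).
    """
    host = hostname.rstrip(".").lower()
    for name in san_names:
        name = name.rstrip(".").lower()
        if name == host:
            return True
        if name.startswith("*."):
            suffix = name[1:]                      # ".example.com"
            label = host[: -len(suffix)] if host.endswith(suffix) else None
            if label and "." not in label:         # exactly one label replaced
                return True
    return False


def fetch_origin_cert(origin_ip: str, sni_hostname: str, port: int = 443,
                      timeout: float = 5.0) -> Dict:
    """Connect to origin_ip directly (bypassing the proxy) with SNI = sni_hostname.

    Chain validation stays on so getpeercert() returns parsed fields; hostname
    checking is off because san_covers() does that comparison explicitly.
    If the origin answers the SNI with an 'unrecognized name' alert (as the
    curl output in this thread shows), wrap_socket raises ssl.SSLError.
    """
    ctx = ssl.create_default_context()
    ctx.check_hostname = False
    with socket.create_connection((origin_ip, port), timeout=timeout) as raw:
        with ctx.wrap_socket(raw, server_hostname=sni_hostname) as tls:
            return tls.getpeercert()


# Constructed sample, shaped like SSLSocket.getpeercert() output for a
# LetsEncrypt-style certificate on the SaaS provider's own domain.
SAMPLE_PEERCERT = {
    "subject": ((("commonName", "example.com"),),),
    "subjectAltName": (("DNS", "example.com"), ("DNS", "*.example.com")),
}


def report(hostname: str, san_names: List[str]) -> str:
    verdict = "covers" if san_covers(hostname, san_names) else "does NOT cover"
    return f"certificate SAN {san_names} {verdict} {hostname}"


if __name__ == "__main__":
    if len(sys.argv) == 3:
        ip, host = sys.argv[1], sys.argv[2]
        try:
            names = san_dns_names(fetch_origin_cert(ip, host))
        except ssl.SSLError as exc:
            sys.exit(f"TLS handshake with {ip} for SNI {host} failed: {exc}")
        print(report(host, names))
    else:
        names = san_dns_names(SAMPLE_PEERCERT)
        for host in ("app.example.com", "a.b.example.com", "customerdomain.com"):
            print(report(host, names))
```

The handshake failure path matters as much as the SAN comparison: an origin that rejects the SNI never gets as far as presenting a certificate, so a "tlsv1 unrecognized name" error points at the server's virtual-host configuration rather than at the certificate itself.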

Thanks for your help with this, appreciate it!

This is what I get when I curl:

* Connecting to hostname: xxx.xxx.xxx.xxx
*   Trying xxx.xxx.xxx.xxx:443...
* Connected to xxx.xxx.xxx.xxx (xxx.xxx.xxx.xxx) port 443 (#0)
* ALPN: offers h2
* ALPN: offers http/1.1
*  CAfile: /etc/ssl/cert.pem
*  CApath: none
* (304) (OUT), TLS handshake, Client hello (1):
* error:1404B458:SSL routines:ST_CONNECT:tlsv1 unrecognized name
* Closing connection 0
curl: (35) error:1404B458:SSL routines:ST_CONNECT:tlsv1 unrecognized name

Does this mean the certificate does not cover the customer’s hostname?

Thank you! Managed to find the issue now. Was an Nginx config issue that was not handling wildcard server names correctly.

For anyone else encountering this while trying to use Laravel Forge to create a server with Cloudflare Custom Hostnames for SaaS, you need to update this line in your Nginx config:

server_name ~^(www\.)?([a-z0-9-]+)(\..+)?$;

2 Likes