Is using CNAME flattening with strict encryption supported?

(Domains and IP addresses have been changed to protect the innocent.)

I have a site hosted on a server called foo with the domain with an un-proxied A record pointing to IP address foo has a certificate from Let’s Encrypt for HTTPS connections to are working and terminate at foo.

I want to enable proxying, and enable strict SSL between Cloudflare and foo. I set up to point to, and got a new certificate for foo for, using Cloudflare DNS. HTTPS connections to are working.

So far so good!

I then changed the @ record for from an A record to a CNAME record pointing to, and turned on proxying. Since it’s the root, it is flattened. However, when I access, I get ERR_CERT_COMMON_NAME_INVALID errors. I’m sorry to say that I can’t tell you the details of the certificate error, since I had to revert the change to bring back online.

Is this a supported configuration? I.e., a flattened apex domain CNAME record from one domain to another, with strict SSL enabled between Cloudflare and the origin server?

If this is supported, and I just messed something up, I can try again and figure out what headers the browser/server were sending/receiving, which might yield more clues.

Thank you for reading!
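
To gather the clues the post mentions, each TLS leg of a proxied setup can be checked separately for certificate name coverage. The following is an added example, not part of the original post: the hostnames are constructed placeholders, and the name the proxy validates on the origin leg (`origin_sni`) is an assumption passed in as a parameter, not a statement of Cloudflare's behaviour.

```python
# Added example. All hostnames are constructed placeholders, not the poster's domains.
APEX = "example.com"           # visitor-facing apex (the flattened CNAME record)
TARGET = "origin.example.net"  # name the apex CNAME points to


def san_matches(pattern: str, hostname: str) -> bool:
    """RFC 6125-style match of one dNSName SAN entry against a hostname."""
    p = pattern.lower().rstrip(".").split(".")
    h = hostname.lower().rstrip(".").split(".")
    if len(p) != len(h) or "" in h:
        return False
    if p[0] == "*":
        # A wildcard covers exactly one left-most label, so "*.example.com"
        # covers neither the apex "example.com" nor "a.b.example.com".
        return len(p) > 2 and p[1:] == h[1:]
    return p == h


def cert_covers(sans: list[str], hostname: str) -> bool:
    """True if any SAN entry on the certificate covers the hostname."""
    return any(san_matches(s, hostname) for s in sans)


def check_legs(visitor_host, edge_sans, origin_sni, origin_sans):
    """Return the TLS legs whose certificate does not cover the name checked there.

    origin_sni is the name the proxy validates the origin certificate against;
    whether that is the visitor's hostname or the CNAME target is an assumption
    the caller supplies.
    """
    failures = []
    # The browser only ever sees the proxy's certificate, so a browser-side
    # name error can only come from this leg.
    if not cert_covers(edge_sans, visitor_host):
        failures.append("browser->proxy")
    if not cert_covers(origin_sans, origin_sni):
        failures.append("proxy->origin")
    return failures


if __name__ == "__main__":
    # Origin certificate issued only for the CNAME target, validated against the apex.
    print(check_legs(APEX, [APEX, "*." + APEX], APEX, [TARGET]))
    # Proxy certificate that is wildcard-only and therefore misses the apex.
    print(check_legs(APEX, ["*." + APEX], TARGET, [TARGET]))
```

The SAN lists for a real check can be read from the certificates each endpoint actually serves, for example with `openssl s_client -connect HOST:443 -servername NAME`.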
