Is using CNAME flattening with strict encryption supported?

(Domains and IP addresses have been changed to protect the innocent.)

I have a site hosted on a server called foo with the domain bar.com with an un-proxied A record pointing to IP address 1.2.3.4. foo has a certificate from Let’s Encrypt for bar.com. HTTPS connections to bar.com are working and terminate at foo.

I want to enable proxying, and enable strict SSL between Cloudflare and foo. I set up bar.net to point to 1.2.3.4, and got a new certificate for foo for bar.net, using Cloudflare DNS. HTTPS connections to bar.net are working.

So far so good!

I then changed the @ record for bar.com from an A record to a CNAME record pointing to bar.net, and turned on proxying. Since it’s the root, it is flattened. However, when I access bar.com, I get ERR_CERT_COMMON_NAME_INVALID errors. I’m sorry to say that I can’t tell you the details of the certificate error, since I had to revert the change to bring bar.com back online.

Is this a supported configuration? I.e., a flattened apex domain CNAME record from one domain to another, with strict SSL enabled between Cloudflare and the origin server?

If this is supported, and I just messed something up, I can try again and figure out what headers the browser/server were sending/receiving, which might yield more clues.

Thank you for reading!
