(Domains and IP addresses have been changed to protect the innocent.)
I have a site hosted on a server called foo with the domain bar.com with an un-proxied A record pointing to IP address 1.2.3.4. foo has a certificate from Let’s Encrypt for bar.com. HTTPS connections to bar.com are working and terminate at foo.
I want to enable proxying, and enable strict SSL between Cloudflare and foo. I set up bar.net to point to 1.2.3.4, and got a new certificate for foo for bar.net, using Cloudflare DNS. HTTPS connections to bar.net are working.
So far so good!
I then changed the @ record for bar.com from an A record to a CNAME record pointing to bar.net, and turned on proxying. Since it’s the root, it is flattened. However, when I access bar.com, I get ERR_CERT_COMMON_NAME_INVALID errors. I’m sorry to say that I can’t tell you the details of the certificate error, since I had to revert the change to bring bar.com back online.
Is this a supported configuration? I.e., a flattened apex domain CNAME record from one domain to another, with strict SSL enabled between Cloudflare and the origin server?
If this is supported, and I just messed something up, I can try again and figure out what headers the browser/server were sending/receiving, which might yield more clues.
Thank you for reading!