Mask subdomain SSL Cert

One of our domains has a few subdomains and I was asked if we could mask the SSL cert we have for that specific subdomain (it is a Let’s Encrypt cert). As in, it can show anything else but that Let’s Encrypt cert we have in use.
I set the CloudFlare proxy on that CNAME entry to see if that would work. It may not have yet propagated but is there anything else I would need to do? Do I need to set the CloudFlare proxy on the A record entry for the domain, as well?

Once the change you made to enable proxying in CF has propagated, you should see the Cloudflaressl issued by Comodo/Sectigo.

Do I only need to set the CF proxy on that subdomain (CNAME) or do I need to set it on the A records, too?

If that subdomain is proxied, then it will show the Comodo/Sectigo (or one signed by the Cloudflare CA, cross-signed by DigiCert) certificate as you intend.

In general, that should be it. Just, if you go to any zone that is grey clouded :grey: the Cloudflare proxy won’t kick in and the certificate on your origin will show.


Note that, in order to use CF, you cannot proxy a “substantial amount of non-HTML content”. Make sure that subdomain is a subdomain with some content of its own, and that it doesn’t end up serving mostly images/files/etc. If this is a “mostly non-HTML static files” subdomain, your root domain/where your main content is will also have to be on Cloudflare. See section 2.8 of the terms.

This topic was automatically closed after 30 days. New replies are no longer allowed.