Naked domain https doesn't work, www works

Why https for https://sunlightsoftware.co.uk/ not working?
https://www.sunlightsoftware.co.uk/ is working?

After I upload the origin certificate to the google app engine, then cloudflare generate universal SSL certificate.

sunlightsoftware.co.uk/ is showing issue by: CloudFlare Origin CerticateSSL Certificate Authority
and
www.sunlightsoftware.co.uk/ is showing Iuuse by: Cloudflare Inc Ecc CA-3

I do not know why sunlightsoftware.co.uk is using CloudFlare Origin CerticateSSL Certificate ?

DNS setting is:

;; A Records
sunlightsoftware.co.uk. 1 IN A 216.239.32.21
sunlightsoftware.co.uk. 1 IN A 216.239.34.21
sunlightsoftware.co.uk. 1 IN A 216.239.36.21
sunlightsoftware.co.uk. 1 IN A 216.239.38.21

;; AAAA Records
sunlightsoftware.co.uk. 1 IN AAAA 2001:4860:4802:32::15
sunlightsoftware.co.uk. 1 IN AAAA 2001:4860:4802:34::15
sunlightsoftware.co.uk. 1 IN AAAA 2001:4860:4802:36::15
sunlightsoftware.co.uk. 1 IN AAAA 2001:4860:4802:38::15

;; CNAME Records
test.sunlightsoftware.co.uk. 1 IN CNAME ghs.googlehosted.com.
www.sunlightsoftware.co.uk. 1 IN CNAME ghs.googlehosted.com.

From the above A and AAAA records, seems to me they aren’t being proxied via Cloudflare?
Check if the records are :grey: or :orange: cloud.
Switch them to :orange: cloud.

Furthermore:
https://sunlightsoftware.co.uk/

May I ask have you selected Full (Strict) SSL option from SSL/TLS tab at Cloudflare dashboard?

https://sunlightsoftware.co.uk/ get’s me SEC_ERROR_UNKNOWN_ISSUER, while the SSL cert I see is the Cloudflare Origin one.

x-powered-by: Blood, sweat, and tears.
server: Google Frontend

Thanks Fritexvz,

the ssl works now after I changed A and AAAA records. I use Full (Strict) SSL option from SSL/TLS tab.

Thank you very much.

I also have another question regarding naked domain 301 redirect to www.

I created a page rule for 301 redrect

But https://sunlightsoftware.co.uk/ doesn’t redirect to https://www,sunlightsoftware.co.uk/

1 Like

I am glad to hear that.

Regarding non-www to www (HTTPS), can you try writing a Page Rule like the below one and write back if it works?:

  1. Field: sunlightsoftware.co.uk/* (notice here without https:// prefix)
  2. Option: Forwarding URL, 301 Permanent redirect
  3. Field: https://www.sunlightsoftware.co.uk/$1

Source article for better explanation and more details here:

Maybe, it can have some impact as if you are already using like CNAME domain record pointed to www domain, or vice-versa - I am not 100% sure as I am not using CNAME so much.

Note: Have you got the HSTS option enabled?
SSL/TLS tab → Edge Certificates menu → HTTP Strict Transport Security (HSTS) section

Watch out for typo’s, like above www , (comma) or . (dot) - the difference and we can make a mistake when in hurry without noticing :wink:

Have in mind, maybe there could be some cache either at Cloudflare or your Web browser while testing, so give it some few minutes, or try for a few minutes back again using different Web browser or a Private Window, if so.

Thanks Fritexvz and your time.I really appreciate your generous help.

It is still not working.
I modified page rule(removed https://) and also disabled HSTS option after learned the tutorial you provided.

I even changed DNS which remove cname.

Are the two name servers at the bottom of your DNS page Brett and Zoe?

Yes sir. it is Brett and Zoe.

Google App engine ask to update DNS setting like the screenshot
image

Then something’s probably wrong with your Cloudflare DNS and you’ll need to open a ticket: support AT cloudflare DOT com

Post the ticket # here once you get a reply. If they auto-close the ticket, reply and let them know your Page Rule still doesn’t work. Keep replying to the bot until it escalates to a human.

1 Like

Thanks Sdayman,

I will do

ticket number is: 2223266

Maybe, hm, you need to configure something at the googlehosted.com end as the application or something other? (just being curious)

Maybe you need to map naked domain to www on App Engine?:

For Cloudflare as a DNS manager for your custom domain over your App Engine project:

Some other sample:

Maybe, from below article about CNAME @ and www, as you provided the screenshot about CNAME www and depending how Google App is handling this?:

How exactly you do that - it depends on your app’s handler implementation. Check the documentation for the framework you use.

And, of course, you need to map both the naked domain and the www domain to your app.

I mean, checking the redirection with the tool:

For each HTTP both non-www and www and then HTTPS again non-www and www, I do not see any redirection to www or vice-versa.
HTTP non-www goes to HTTPS non-www and HTTP www goes to HTTPS www

  • it treats it separated, there is no non-www to www or vice-versa