Need help adding subdomain with Digital Ocean

I’m trying to add a subdomain on Cloudflare to my Node server on Digital Ocean Ubuntu Droplet.

I’ve tried looking around Cloudflare and DigitalOcean and asking ChatGPT/Claude but wasn’t able to get it figured out.

Here are the steps I’ve taken so far, let’s call my app myapp and I’m trying to create

Configuring Cloudflare DNS Settings

Created A Record for admin, looks like this:

Type: A

Name: admin (tried doing admin.myapp.com but it auto corrects to admin)

Content: 123.45.678.900 (Let’s just say that’s my IP address from Digital Ocean)

Proxy Status: Proxied

TTL: Auto

Cloudflare SSL/TLS Settings

I have it set to Full (Strict)

I also have Edge Certificates where it looks like this:

Hosts: *.myapp.com, myapp.com

Type: Universal

Status: Active

Expires on: 2024-12-31 (Managed)

Making sure my Node server is reachable

Checked Firewall settings: it was inactive at first, so I turned it on, restarted settings, and added rules for ports 80, 443, and 3000

I’ve used ps aux | grep node and see the node app

I try sudo ufw status verbose

To         Action      From
443/tcp    ALLOW IN    Anywhere
80/tcp     ALLOW IN    Anywhere
3000       ALLOW IN    Anywhere

I’ve used pm2 status and see my app is online

I’ve also restarted it after doing Firewall changes

I’ve gone to http://123.45.678.900:3000 and I get to my app

I’ve gone to http://admin.myapp.com and it’s insecure but I get to the nginx root

But when I try to go to https://admin.myapp.com, I get a 521. It’s been more than 24 hours since I changed it.

I’ve tried turning Proxy to DNS only and it says my website can’t be reached now.

Actually it’s been a while since I visited while writing this post and when I go to http://admin.myapp.com:3000, it reaches it but it’s unsecure.

How can I make it secure? How can I make https://admin.myapp.com go to 123.45.678.900:3000?

Do I need a CNAME or something for it?

I don’t have firewalls on Cloudflare. Are there more firewall things I need to do on DigitalOcean?

I’ve also read that I can’t have it serve on localhost but 0.0.0.0? I don’t know how true that is because I can access the server through the public IP address.

Any help on this is appreciated! I’m also being told I’m supposed to buy a domain but I already have a domain? I’m also being told the server itself needs an SSL Cert but I’m also being told it just needs to be handled on the Cloudflare side so I’m not sure who to believe anymore. Appreciate the help!

Sorry, I’m new to the Cloudflare forums and it was giving me errors with posting more than 4 links, so if some formatting is weird it’s because I was trying to go around it
Here’s the link I was referencing though