Need help installing SSL for subdomain on NGINX

Hello fellow Cloud-a-flareans. Rookie here seeking for help.

I have setup a web server running on NGINX on Debian 9 Stretch and managing my domain on Cloudflare.

I managed to install an SSL cert for my root domain using certbot with the dns-Cloudflare argument to install a Cloudflare SSL. This is one works flawlessly when accessing the root domain, say or its www subdomain. The root domain serves a WordPress installation.

I want to serve a Prestashop installation on a sub-domain -
I’ve already installed Prestashop and can access it through the shop sub-domain but can’t get a Cloudflare SSL working on that particular sub-domain. Any ideas on how to go about this?

Also, I can only access the Prestashop installation at the shop sub-domain ONLY if I disable Cloudflare proxying on the particular sub-domain. If I enable proxying on it, the shop subdomain redirects to the root domain whereas I can access the WordPress installation on the root domain when it’s proxied. Kindly assist on this too.

dns-Cloudflare does not issue a Cloudflare certificate but only validates a regular LE certificate via automatically created Cloudflare DNS records.

If you need assistance in setting up an LE certificate you are better off to ask at

Alternatively you could have also an Origin certificate issued by Cloudflare, which you’d be doing via the Cloudflare control panel.

1 Like

Oh, thanks.

Any idea on proxying the shop subdomain and getting it to access its resources?

Can you post the actual URL and describe what you experience and what should happen instead?

It’s quite simple. The root domain is enabled on Cloudflare’s proxy. The Wordpress resource under that root domain is accessible when proxied, but for the shop subdomain, the Prestashop installation can’t be accessible when Cloudflare’s proxy is enabled on it; redirects to the root domain and displays the contents of the Wordpress installation. The Prestashop installation is only accessible when proxy is disabled on that shop subdomain

Could be many reasons. Not going to speculate at this point.

It sounds like you have something like
Then you have something like
And you have

If so, and you want SSL, you would need a Dedicated SSL certificate with custom host names. Regular SSL certificates here only go as deep as * Not *.*

Thanks for your reply.

I have / - Wordpress is installed here

I need SSL for where Prestashop is installed

Are you able to post the actual site?

1 Like

Actual site is where you’ll get Wordpress.

The Prestashop is at where I need the SSL and proxy

I’m from Kenya incase you’re wondering about the domain

Your shop host does not proxy through Cloudflare and hence Cloudflare’s certificate does not take effect. I could have already told you that 21 hours ago :wink:

Thanks @domjh for finally getting the OP to post the URL.

1 Like

And if I proxy the shop subdomain, it redirects to

That’s my issue

Alright, but right now it does not load shop either, but redirects to the naked domain, just like the www host.

Thats is an issue on your server, where you redirect shop to somewhere. Proxying rarely is the reason for such issues. You probably have somewhere a missing or incorrect virtual host configuration.

Okay, let me check. is accessible now, you may check it out. Only accessible when proxy through Cloudflare is disabled, otherwise redirects to

My guess at this point would be something about forced HTTPS (and yes, shop on HTTPS does redirect to your naked domain), but thats a guess.

Try enabling the proxy now.

I’ve enabled it now, kindly check

shop still points to the origin.

What’s the SSL setting for your domain? Is it Full (Strict)?

I wasn’t awake earlier (West Coaster, here), so I couldn’t check the behavior. Was the Shop subdomain running over HTTP or HTTPS?

I’m betting it was HTTP, and you have a Full SSL setting here, but that subdomain isn’t configured for SSL at your host.

The problem is most likely that this particular host is not served via HTTPS and an HTTPS request hits the default configuration which redirects back to the naked domain.