New to Cloudflare - Substack - throwing errors for both www and @


I signed up for Cloudflare because redirects from GoDaddy’s nameservers take forever to load!! I have a Substack custom domain - and they claim you SHOULD NOT use the Proxy server setting.

But in some browsers (latest versions of Chrome and Firefox) I’m getting the NET::ERR_CERT_AUTHORITY_INVALID error.

I have a CNAME set up for @ that goes to Substack but they state it should not be proxied. This is the domain that’s throwing the error for the certificate.

I also set up a CNAME for www that redirects to my main domain – that one’s throwing this error: Error 1014

I’ve tried to find out what I’m supposed to do on Cloudflare to redirect www to @ but to be honest, it only makes me realize how little I don’t understand about DNS records.

I’ve been with GoDaddy for years and this is how I’ve done it.

What’s happening and especially how do I get people over to my Substack?

Giving it a little more time seems to have fixed some of this – seemed to be related to Name Server propagation times. But I still don’t know how to fix the www issue, and right now, I have HTTPS set to “Off” but not sure if that matters.

Once it’s redirected to Substack it shows up as Secure.

Hi, can you clarify for me what exactly you want to achieve? I understand the following:

  1. User opens yourdomain.example in their browser - yourdomain.example is the visible address in the address bar, but the user sees your substack website.
  2. User opens www.yourdomain.example - address changes to yourdomain.example (and same as 1).

Is this correct?

Right now, if someone enters it goes to the Substack correctly, and it looks like it’s secure. I have HTTPS set to “Off” but since I’m only using the domain for forwarding it seems to be OK as Substack seems to be establishing a secure connection. Substack is masking the domain so that to the user, it looks like

But if they go to then I get Error 1014. I want them to be redirected to (and then to the substack).

Ok, then you probably want to

  1. Keep the CNAME record for @ at DNS-only
  2. Change your SSL mode in Cloudflare to Full-Strict
  3. Change the CNAME record for www to proxied
  4. Create a Redirect Rule in Cloudflare with the following settings:
When incoming requests match…
Hostname equals www.yourdomain.example
URL redirect
Type: Dynamic 
Expression: concat("https://yourdomain.example",http.request.uri.path)
Status Code: 302
Preserve Query String: Yes

302 is a temporary redirect. If the redirect works (test for 2 or 3 days), you can then change the status code to 301, which allows browser to cache the redirect and make it faster, but it’s best not to cache it at the beginning in case it does not work.

This topic was automatically closed 15 days after the last reply. New replies are no longer allowed.