I have Kubernetes server in Linode and use Origin CA for SSL between Cloudflare and my server. I have 2 A record, mydomain.dev (root) and *.mydomain.dev (wildcard).
If I’m not mistaken, Origin CA is only valid for connection Cloudflare and my server. I notice that wildcard domain is not proxied, is that mean when I hit *.mydomain.dev I didn’t get universal SSL? and so it hit straight to my server that use Origin CA as SSL, hence it’s not valid?
I can’t get my head around it because even when I hit my root domain I still get Error 526, invalid SSL certificate even tho my root domain it is proxied.
I’m even more confuse when see under Edge Certificate, universal SSL for my root domain and wildcard is active. so is DNS only on my wildcard domain use universal SSL or not?
You can’t Proxy a wildcard DNS entry unless you’re on an Enterprise plan.
If the root is proxied, and you’re getting a 526, then Cloudflare isn’t seeing a certificate it recognizes. You can verify this with a direct connection to the origin to inspect the certificate:
Proxy a wildcard DNS entry unless you’re on an Enterprise plan.