Resolution to a domain in another DNS provider

I want to do the following and I’m not sure how to achieve it.

I own two domains and, my intention is to have resolve to


  • is registered via Route 53 with AWS and the DNS is managed using a Hosted Zone there.
  •’s site is hosted using an S3 bucket and served using CloudFront. I have in Route 53 an A record (with an alias) to the CloudFront distribution.
  • has SSL enabled using a certificate from AWS ACM.
  • I registered and have delegated DNS resolution to Cloudflare DNS.

I have added a CNAME record from to in Cloudflare, but I get a 403 error when navigating.

Any idea if what I want to achieve is possible and/or what am I doing wrong/missing?

Thanks in advance

Update: If I try to CURL I get a TLS error message, which I don’t understand how to solve:

curl: (35) error:1404B42E:SSL routines:ST_CONNECT:tlsv1 alert protocol version

I have tried changing the minimum TLS version to 1.2 and disabling the required TLS 1.3. The connection is marked as Flexible too.

After doing this I still get the 403 error.

Your content should only be available under one domain name. If you want that site to be, then configure the site that way. That’s why you’re getting the 403.

And then redirect over to

For future reference, I managed to solve this, in case anyone faces the same problem.

How I solved the TLS error?

  • I had to change the minimum TLS version to 1.2
  • I had to disable the TLS 1.3 required
  • Connection type had to be Flexible

How I managed to solve the DNS resolution?

  • I emitted an SSL certificate using AWS ACM for the following FQDN, *,, and * Using DNS verification I added the required records on Route 53 for and Cloudflare for
  • I added the new CNAMEs and * to the CloudFront distribution and changed the SSL cert. to the newly emitted one.

I forgot to mention the CNAME records in Cloudflare DNS:

  • CNAME from to
  • CNAME from to
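
Added example, not part of the original posts: a Python check for the certificate step described above, confirming that the certificate's names cover every alternate domain name (CNAME) on the CloudFront distribution. `first.example` and `second.example` are placeholder domains, the name lists are constructed, the old certificate is assumed to cover only the first domain, and the helper names are hypothetical.

```python
"""Check that a certificate's names cover every CloudFront alternate domain name."""


def name_matches(pattern: str, host: str) -> bool:
    """RFC 6125-style comparison of one certificate name against one hostname.

    '*' is honoured only as the entire leftmost label and stands for exactly
    one label, so '*.second.example' covers 'www.second.example' but neither
    'second.example' (apex) nor 'a.b.second.example' (two labels deep).
    """
    p = pattern.lower().rstrip(".").split(".")
    h = host.lower().rstrip(".").split(".")
    if len(p) != len(h) or not all(h):
        return False
    if p[0] == "*":
        # Refuse overly broad wildcards such as '*.example'.
        return len(p) > 2 and p[1:] == h[1:]
    return "*" not in pattern and p == h


def uncovered(cert_names, alternate_names):
    """Return the alternate domain names that no certificate name covers."""
    return [
        alias
        for alias in alternate_names
        if not any(name_matches(name, alias) for name in cert_names)
    ]


# Constructed sample data using placeholder domains (assumptions, not from the thread).
OLD_CERT = ["first.example", "*.first.example"]
NEW_CERT = OLD_CERT + ["second.example", "*.second.example"]

# Alternate domain names on the distribution after adding the second domain.
ALIASES = [
    "first.example",
    "www.first.example",
    "second.example",
    "*.second.example",
]

if __name__ == "__main__":
    for label, cert in (("old certificate", OLD_CERT), ("new certificate", NEW_CERT)):
        missing = uncovered(cert, ALIASES)
        print(f"{label}: {'covers all names' if not missing else 'missing ' + ', '.join(missing)}")
```

The apex and the wildcard are separate entries because the wildcard never matches the bare domain, which is why the certificate in the post lists both for each domain.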

You should not use Flexible. It misrepresents to your visitors that their traffic is encrypted when you are actually sending unencrypted HTTP requests between Cloudflare and your origin. The right solution is to fix your encryption setup between your origin and Cloudflare, and use Full (Strict).

Thanks for the heads up. I’ll change my configuration to the one you specify for security. Thank you!
