Root domain resolves, www subdomain causes 520 error

When accessing the site from it’s root (without www.), it loads fine. If I try to access www.mydomain.com with Cloudflare enabled, I get a 520 error. If I disable Cloudflare (www CNAME record set to DNS only), I get ERR_EMPTY_RESPONSE in Chrome. Without www., everything works fine.
Here are my DNS records (my actual domain has been replaced with mydomain.com):


I think the second record is causing the problem. It does not make a difference if I set it to DNS only. Also note I’m using DNSSEC and Always use HTTPS is on.
Thanks for your help.

Regarding Cloudflare 520 error, may I suggest you to try looking into below articles to troubleshoot the issue:

May I ask was the DNSSEC enabled for your domain before you changed your nameservers to Cloudflare?

Regarding Heroku and HTTPS, may I also ask did they provided you with an SSL certificate for your domain (covering both www and non-www) and was your Website working over HTTPS before moving to Cloudflare?

Kindly, check and post back here what SSL option have you got selected under the SSL/TLS tab at Cloudflare dashboard for your domain? (Flexible, Full, Full Strict …)

Here is a way to re-check if you correctly setup the SSL for your domain with Cloudflare:

If any other issues appear, follow the needed steps for troubleshooting from article below:

Regarding available SSL options at Cloudflare dashboard, check here:

In case you do not have an SSL certificate, you can use Cloudflare SSL, if so, kindly make sure you follow the instructions as follows on the below article to setup an SSL certificate using Cloudflare CA Origin Certificate:

Last but not least, kindly have a look here for more information regarding correct SSL settings:

Few tips to check out for:

Thank you for your reply.
It turns out the problem was mostly with Heroku, not Cloudflare. I had already added mydomain.com to the Heroku app domain list, but not www.mydomain.com, so despite the fact www should just point to the root because of the CNAME record, Heroku didn’t think it was authenticated, so didn’t work. To resolve this I just had to add www.mydomain.com to the Heroku app domain list. This gave a different herokudns URL, which I made the target of the www CNAME record and it worked.
Thanks again for your support,
Henry

This topic was automatically closed 3 days after the last reply. New replies are no longer allowed.