I want to set up full HTTPS encryption for my domain (genify.ai) and subdomain (ezloan.genify.ai).
I have a CNAME which redirects genify.ai to my PythonAnywhere web host, and another CNAME which should redirect ezloan.genify.ai to another web app on AWS (the redirect doesn’t actually happen, but that’s another problem).
In SSL/TLS -> Overview, I’ve selected “Full (strict)”.
In SSL/TLS -> Origin server, I’ve created 2 certificates: one with hosts genify.ai and *.genify.ai, another one with hosts ezloan.genify.ai and *.ezloan.genify.ai.
I also have a universal certificate with hosts *.genify.ai, genify.ai, and Universal SSL is enabled.
Is the setup above correct?
In my browser only, trying to access genify.ai yields error 526. However it works on some other browsers. Why?
Cloudflare cannot validate the SSL cert on the origin server. It is invalid, or self-signed, which is also invalid for “Full (Strict)” SSL mode.
You have not set up your SSL cert right, or the SSL cert itself is invalid.
From Cloudflare you just need one single Origin SSL cert. It is the one which is for:
genify.ai & *.genify.ai
As it covers the root domain and ALL first-level subdomains.
For me it is like this:
ezloan.genify.ai => www.ezloan.ai => works
genify.ai => 526 Error
What you have to do is install a valid SSL cert on the server which hosts genify.ai, or set the SSL mode to “Full” and not “Full (Strict)”, but this is just a workaround and not recommended!
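Added example, not part of the original reply: a small Python check of which of the two Origin certificates from the question covers which hostname, using the standard wildcard rule (the `*` is the whole left-most label and stands for exactly one label). The certificate labels `origin-1`/`origin-2` and the `www`/`api` hostnames are made up for illustration.

```python
# Added example: certificate SAN wildcard matching (left-most label only,
# exactly one label), applied to the SAN lists described in the thread.

def _labels(name):
    # DNS names are case-insensitive; ignore a trailing root dot.
    return name.lower().rstrip(".").split(".")

def san_matches(pattern, hostname):
    """True if one SAN entry (exact name or '*.' wildcard) covers hostname."""
    p, h = _labels(pattern), _labels(hostname)
    if len(p) != len(h):
        return False  # '*' never stands for zero labels or for several
    if p[0] == "*":
        # Conservative assumption: reject wildcards directly under a TLD ('*.ai').
        return len(p) > 2 and p[1:] == h[1:]
    return p == h

def covering_certs(certs, hostname):
    """Names of the certificates whose SAN list covers hostname."""
    return [name for name, sans in certs.items()
            if any(san_matches(s, hostname) for s in sans)]

# SAN lists as given in the question; the keys are hypothetical labels.
ORIGIN_CERTS = {
    "origin-1": ["genify.ai", "*.genify.ai"],
    "origin-2": ["ezloan.genify.ai", "*.ezloan.genify.ai"],
}

# Constructed sample hostnames (only the first two appear in the thread).
HOSTS = ["genify.ai", "ezloan.genify.ai", "www.genify.ai", "api.ezloan.genify.ai"]

def report(certs=ORIGIN_CERTS, hosts=HOSTS):
    return {h: covering_certs(certs, h) for h in hosts}

if __name__ == "__main__":
    for host, names in report().items():
        print(f"{host:24} -> {', '.join(names) or 'no certificate'}")
```

The second certificate only adds coverage for names one level below ezloan.genify.ai; the apex and every first-level subdomain are already covered by the first one.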
The SSL certificate that I have to install on my origin server (PythonAnywhere), isn’t it the one provided by Cloudflare (under SSL/TLS -> Origin server)?