Setting up ssl cert for sub-domain


#1

I use SiteGround as my host. I’ve been using CloudFlare as my DNS for many many years, long before moving to SiteGround. I have my main site working with https. I have a Let’s Encrypt cert installed at SiteGround.

I need to set up a sub-domain, for development work on my site before pushing to the live/main site. This sub-domain is “stage.”

I can’t get to the stage site because of an Invalid SSL certificate error.

CloudFlare DNS has an A record for the stage subdomain, pointing at the SiteGround server IP (just like the main site). It’s the same server IP as the main site.

I tried talking with SiteGround, and they’re telling me I have to “pause” DNS here at CloudFlare, then go to Let’s Encrypt at SiteGround, and then come back here to “resume” DNS to the sub-domain. This makes no sense to me. There is no pause/resume option.

How do I resolve the cert error?
How do I set up a sub-domain with https (just like the main domain already is)?


#2

Hi @user7410,

What is the exact error you receive when trying to connect to the subdomain? Also, are you able to share the domain?

It could be that your SSL mode is set to Full but the Let’s Encrypt cert does not cover the subdomain? Full requires a valid SSL cert so you could try adding a new cert in your server for that subdomain.

Alternatively, are you trying to use www.subdomain.domain.com? This would not work with the www as the Cloudflare cert covers *.yourdomain.com but can’t cover *.*.domain.com


#3

The error was: “526 Invalid SSL certificate error”

I found this article:

After doing that and waiting a few minutes, SiteGround let me install their cert using their Let’s Encrypt. After that was up, I then un-paused CloudFlare.

Now, oddly, the new stage subdomain is resolving to the main domain. I’m wondering if this is a problem at the host side, or something I need to change here at CloudFlare. I can’t imagine it being something to change here with DNS. The sub-domain at the hosting server is really just a directory within my main site. I would think it’s up to them to resolve the sub-domain traffic.

This dns stuff always leaves me totally frustrated.


#4

Yes, 526 would show that you have the SSL mode set to Full but no valid cert on your origin.

Now you have installed the SSL cert for the subdomain, it should be OK.

The problem of it redirecting to the root domain does sound like something on the host’s side, if you point the DNS there, it is up to them to resolve it. I would contact them about that.

If you have any further questions, please just post back!
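
An added example, not part of the thread and not Cloudflare's or SiteGround's tooling: a Python check of whether the certificate an origin server presents covers a given hostname, the condition post #2 raises and post #4 ties to the 526 error. The domain names and the origin IP are constructed placeholders, and the wildcard rule is the one-label match described in post #2.

```python
import socket
import ssl


def san_matches(pattern, hostname):
    """True if one certificate DNS name covers hostname.

    A wildcard counts only as the entire left-most label and stands for
    exactly one label, so *.example.com never covers www.stage.example.com.
    """
    p = pattern.lower().rstrip(".").split(".")
    h = hostname.lower().rstrip(".").split(".")
    if len(p) != len(h):
        return False
    if p[0] == "*":
        return len(p) > 2 and bool(h[0]) and p[1:] == h[1:]
    return p == h


def covering_names(sans, hostname):
    """Return the certificate names that cover hostname (empty list: none do)."""
    return [name for name in sans if san_matches(name, hostname)]


def diagnose_origin(origin_ip, hostname, port=443, timeout=5.0):
    """Handshake with the origin directly, bypassing the proxy, and report."""
    ctx = ssl.create_default_context()
    ctx.check_hostname = False  # chain and expiry still verified; names matched below
    try:
        with socket.create_connection((origin_ip, port), timeout=timeout) as raw:
            with ctx.wrap_socket(raw, server_hostname=hostname) as tls:
                cert = tls.getpeercert()
    except ssl.SSLCertVerificationError as exc:
        return "untrusted or expired certificate: " + exc.verify_message
    sans = [value for kind, value in cert.get("subjectAltName", ()) if kind == "DNS"]
    hits = covering_names(sans, hostname)
    return f"covered by {hits}" if hits else f"not covered, certificate names: {sans}"


if __name__ == "__main__":
    # Constructed names: a certificate issued for the main site only.
    main_site_cert = ["example.com", "www.example.com"]
    print(covering_names(main_site_cert, "stage.example.com"))         # []
    print(covering_names(["*.example.com"], "stage.example.com"))      # ['*.example.com']
    print(covering_names(["*.example.com"], "www.stage.example.com"))  # []
    # Live check against an origin (placeholder IP from the documentation range):
    # print(diagnose_origin("203.0.113.10", "stage.example.com"))
```

`diagnose_origin` separates a certificate that fails chain or expiry validation from one that is valid but issued for other names, which call for different fixes on the host.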


#5

Cool - thanks for the super quick replies!

I hate to change the topic, but while we’re at it…

Is there an advantage to keeping my DNS here at CloudFlare, or would it be better to have my host also be DNS? I can see the convenience of having the host also be DNS, but I was told many years ago by CloudFlare that having them be my DNS was how to get the full advantage.

The trouble I always get into is anytime I have an issue between my host and DNS, they tell me I have to resolve it with CloudFlare. This becomes especially frustrating with SSL certificates.


#6

No problem! Here is another one!..

I can see the advantages of having your host controlling the DNS, however I prefer to keep it with Cloudflare due to the service and benefits they provide such as the IP masking and DDoS mitigation. I am not too familiar with partner setups but someone else here may be able to provide insight on the benefits of a full DNS setup.

I appreciate the difficulties when sorting out issues with the host, hosts seem to love blaming Cloudflare for things!

Edit: @cscharff seems to have quite a good explanation:

CNAME setup process ignored!

Edit2(!): @sdayman seems to have made some good points here as well