Simple Setup of SSL on Sub Domains and Primary Domain


#1

Hi there. I’m wondering if anyone can post the exact instructions for setting up an SSL on a primary domain and its sub domains. I have searched throughout for an answer to this but it seems every answer is related to a specific problem vs providing instructions on how to do so.

Any help in this regard is much appreciated. Thank you


#2

Once you have moved your name servers to Cloudflare the certificate provisioning is automatic. I would recommend this great resource by Troy Hunt. It’s explained in video and translated in multiple languages.


#3

Thank you for that Matteo, I will look at the videos shortly and respond again - again thank you…


#4

Hi again Matteo, I hope you or someone can help me:

In the second video it speaks about setting up HSTS, so in the Crypto Tab I followed all the instructions and implemented everything advised to.

I then tested at hstspreload.org

My test came back negative so I fixed the redirect issues using the following in my main domain’s .htaccess file:

RewriteEngine on

#redirect http to https all domain
RewriteCond %{HTTPS} off
RewriteRule (.*) https://%{HTTP_HOST}%{REQUEST_URI} [R=301,L]

RewriteCond %{HTTP_HOST} ^domain.ca [NC]
RewriteRule ^(.*)$ https://www.domain.ca/$1 [L,R=301]

#redirect no-www to www only main domain, not with subdomain
RewriteCond %{HTTP_HOST} ^(domain.ca)$ [NC]
RewriteRule ^ https://www.%1%{REQUEST_URI} [R=301,L]

RewriteCond %{SERVER_PORT} 80
RewriteCond %{HTTP_HOST} ^(.+.)?domain.ca$
RewriteRule ^(.*)$ https://www.%domain.ca/$1 [R,L]

I ran the test again at hstspreload.org and the last error message I received was:

Error: No HSTS header
Response error: No HSTS header is present on the response.

Also, my subdomains are not working, nor are they redirecting to the www version, nor redirecting to the HTTPS version. In the HSTS settings I ensured to enable Apply HSTS policy to subdomains (includeSubDomains).

Question: Is there anything I have to do with the .htaccess files in each subdomain directory? Currently they have their own redirects - but note I have taken those redirects out of each of them now, and I’m still getting the same results.

Lastly, under the Crypto tab, under Hosts I have:

*.domain.ca, domain.ca (2 hosts)

Would I have to add the sub domains there?

Again Matteo, I do thank you for your help.


#5

Without knowing the domain it is difficult to help, but:

  • the HTTPS rewrite is easily done in the dashboard (there is an Always Use HTTPS toggle in the crypto tab)
  • redirecting to www could also be done in Cloudflare using the Page Rules (domain.ca/* to https://www.domain.ca/$1)

The preload is a risky thing, you need to be EXTREMELY SURE you can support HTTPS in the long term (= forever), on all subdomains for everything. I would do it slowly, in increasing steps, without preload.

PS: are you sure that your records are :orange: in the DNS dashboard?


As far as settings go for your server I can’t comment on those. Redirects for what? To where? It’s hard not having a clue about your configuration.

If you have only third level subdomains (www.domain.ca, dashboard.domain.ca, etc.) and not higher level ones (hello.higher.level.subdomains.domain.ca) you don’t need anything special. Otherwise the default Cloudflare certificate doesn’t support them and you need at least the dedicated certificate with custom hostnames.
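
The header check discussed in posts #4 and #5, as an added example that is not code from any poster in this thread or from Cloudflare: it parses a `Strict-Transport-Security` value and lists why it would fail the hstspreload.org submission criteria (max-age of at least one year, `includeSubDomains`, `preload`). The function names and the sample headers are constructed for illustration.

```python
# Added example; all names here are hypothetical, not from the thread.
PRELOAD_MIN_MAX_AGE = 31536000  # one year in seconds

# Constructed sample response headers (not captured from any real site).
STAGED = {"Strict-Transport-Security": "max-age=300"}
FULL = {"strict-transport-security": "max-age=31536000; includeSubDomains; preload"}

def parse_hsts(value):
    """Parse an HSTS header value; raise ValueError if it is malformed."""
    seen = {}
    for part in value.split(";"):
        part = part.strip()
        if not part:
            continue
        name, _, arg = part.partition("=")
        name = name.strip().lower()  # directive names are case-insensitive
        if name in seen:
            raise ValueError(f"directive repeated: {name}")
        seen[name] = arg.strip().strip('"')  # max-age may be a quoted string
    max_age = None
    if "max-age" in seen:
        if not seen["max-age"].isdigit():
            raise ValueError("max-age is not a non-negative integer")
        max_age = int(seen["max-age"])
    return {"max_age": max_age,
            "include_subdomains": "includesubdomains" in seen,
            "preload": "preload" in seen}

def preload_problems(headers):
    """List the reasons an HTTPS response's headers fail the preload criteria."""
    lowered = {k.lower(): v for k, v in headers.items()}
    if "strict-transport-security" not in lowered:
        return ["No HSTS header"]
    try:
        policy = parse_hsts(lowered["strict-transport-security"])
    except ValueError as exc:
        return [f"invalid HSTS header: {exc}"]
    problems = []
    if policy["max_age"] is None:
        problems.append("max-age missing")
    elif policy["max_age"] < PRELOAD_MIN_MAX_AGE:
        problems.append("max-age below one year")
    if not policy["include_subdomains"]:
        problems.append("includeSubDomains missing")
    if not policy["preload"]:
        problems.append("preload missing")
    return problems
```

A short max-age such as the `STAGED` sample is a valid HSTS policy for a gradual rollout; it simply does not meet the preload criteria yet.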


#6

Well thank you for that information Matteo, and interestingly enough, after setting all records to :orange: “the cloud”, my test at hstspreload.org came back positive. Again thank you!

As for the sub domains, they’re still not working.

In Page Rules I created:

http://domain.ca/*
Always Use HTTPS

My main domain redirects appear to be working, but again my sub domains are not.

Are you aware of anything else I may be missing?


#7

Not knowing the domain unfortunately I can’t help more…

PS: you don’t need a Page Rule for the Always Use HTTPS.