Good afternoon Cloudflare Community,

Recently, a partner of ours requested we redirect one of their old A records to a new webpage in order to continue using the URL. In turn, we had them do the following:


A Record: freecollege –> IP


CNAME Record: freecollege –>

However, after 3 days of propagation, the new CNAME record seems to be causing the following error in both Chome and Firefox:


How would we fix this?

What’s the domain that “freecollege” is a subdomain of? Is the CNAME orange-clouded or grey-clouded?

“freecollege” is a subdomain of OPEIU’s homepage; however, they don’t use Cloudflare.

In turn, we have our own CNAME record that points from OPEIU (dot) easterngateway (dot) edu that is orange-clouded.

(For some reason, Cloudflare Community isn’t allowing me to post URLs right now.)

Okay, so is a CNAME (on non-Cloudflare DNS) to is orange-clouded (proxied) in Cloudflare

here’s the issue… when a web client wants to connect to, they do an nslookup and see that it’s a CNAME for, so they do an nslookup for that and get a few IPs, but they’re Cloudflare IPs. So they connect to one of those Cloudflare IPs and ask for “”. But Cloudflare has no idea what “” is; it has no valid SSL certificate for it because it’s not something that even exists on Cloudflare

if the DNS for were on Cloudflare I don’t think it would be an issue, I think Cloudflare has mechanisms to recognize when a grey-clouded CNAME is being pointed to an orange-clouded name and work around it (maybe only within the same CF account though). Or you could orange-cloud the CNAME and it would work that way too.

easiest way to resolve this would be to grey-cloud but if you don’t want to do that, you could maybe create another subdomain like (grey-clouded obviously) and ask them to point the CNAME to that.

Long story short, however you do it, you can’t proxy this traffic through Cloudflare; Cloudflare can’t present a valid SSL certificate because that domain’s not even on Cloudflare, also, Cloudflare’s proxy servers would have no idea of where to route the traffic to. The traffic needs to hit your origin server, where you (hopefully) already have a valid SSL certificate for set up and ready to go.

If you really, really wanted the traffic proxied through Cloudflare, you’d have to ask them to do an HTTP redirect (on their side) so that traffic to would get completely redirected to Doing it that way of course visitors would see instead of in their address bar.

This topic was automatically closed 15 days after the last reply. New replies are no longer allowed.