SSL for subdomains containing more than 1 word does not work

I have a subdomain set up as an A record; this works OK.
CNAMEs and also work fine with SSL through Cloudflare.
However, a CNAME like generates an error in Firefox and Edge: SSL_ERROR_NO_CYPHER_OVERLAP
Greying out the orange cloud to DNS only makes this CNAME work just fine.

Correct. A second-level subdomain isn’t covered by the wildcard certificate. The certificate is valid for and * It is not valid for www.* or *.*

To go that deep, you’ll need the $10/month Custom Hostname TLS certificate. Then you can add sub-subdomains to the certificate hostname list.

Whilst your URL is a tad unusual, this is actually going to become a much more frequently encountered issue. RFC8461 has just been published, which necessitates a new subdomain be used to publish a domain’s mail security policy. Anyone using dedicated subdomains for email (which is best practice for things like mailouts) won’t be able to implement it via Cloudflare because the necessary domain, e.g., won’t have a valid cert.

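The coverage rule from the two replies above, as an added example that is not part of the original posts: a wildcard stands for exactly one left-most label, so a certificate for the apex plus one wildcard misses sub-subdomains, including the `mta-sts.` policy host of a mail subdomain. `example.com`, the SAN list and all function names are constructed for illustration.

```python
"""Which hostnames does an apex + single-label wildcard certificate cover?"""


def san_matches(pattern: str, hostname: str) -> bool:
    """RFC 6125-style match. '*' is honoured only as the entire left-most
    label and stands for exactly one label, never for several.
    Partial wildcards such as 'w*.example.com' are not supported here."""
    p_labels = pattern.lower().rstrip(".").split(".")
    h_labels = hostname.lower().rstrip(".").split(".")
    # Different depth can never match; empty labels are malformed names.
    if len(p_labels) != len(h_labels) or "" in h_labels:
        return False
    if p_labels[0] == "*":
        # The wildcard consumes one label; the remainder must match exactly.
        return p_labels[1:] == h_labels[1:]
    return p_labels == h_labels


def covered(sans, hostname):
    """True if any subjectAltName entry matches the hostname."""
    return any(san_matches(s, hostname) for s in sans)


def mta_sts_policy_host(mail_domain: str) -> str:
    """RFC 8461 fetches the policy over HTTPS from mta-sts.<mail domain>."""
    return "mta-sts." + mail_domain.lower().rstrip(".")


# Constructed SAN list for a placeholder zone: apex plus one wildcard.
SANS = ["example.com", "*.example.com"]


def report(hostnames, sans=SANS):
    """Map each hostname to whether the certificate covers it."""
    return {h: covered(sans, h) for h in hostnames}


if __name__ == "__main__":
    hosts = [
        "example.com",
        "blog.example.com",
        "www.blog.example.com",                   # two labels deep
        mta_sts_policy_host("example.com"),       # one label deep
        mta_sts_policy_host("mail.example.com"),  # two labels deep
    ]
    for host, ok in report(hosts).items():
        print(f"{host:28} {'covered' if ok else 'NOT covered'}")
```

Run against the SAN list read from the certificate actually being served, this shows which names need their own certificate entry before they are proxied.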

Oh OK, no problem. People who want to add www before the subdomain can be served directly then, bypassing CF.


RFC8461 seems to be one of the dumber RFCs I’ve read in a while.

