SSL not working for a sub-domain pointed with CNAME record to another domain


I have the domain []* (This is just an example) configured in Cloudflare.
The SSL/TLS is configured to: Full (Strict)

I want to point a subdomain called []* to a partner subdomain ([]* - This is also just an example of name) via CNAME as requested by the partner:

My new CNAME DNS record is like:
[]* >>>>> CNAME >>>> []*

Note that the partner subdomain [custom . partnerdomain . com] works in https.

When I visit [] it gives me a warning that the website is not secure.

Is there a way to get this scenario working and have[] working for users visiting this url?

  • Added spaces because I could not create the post (more than two links!?)


The should be technically possible without issues. I assume the partner domain is not on Cloudflare, right? Is that record on your side proxied or not? You’ll probably have to configure the webserver to accept your domain as well however.

What is the actual host name?

I bumped up your permissions a bit so you won’t hit that issue.

They are not on cloudflare.

Currently, it is DNS only!
I have also tested the Proxied mode,but same issue.

You mean in the partner’s we servers?
What kind of configuration?

What is the host name in question?

I think that I have provided all the details needed for troubleshooting. Let me know if any additional information is required.

I don’t want to share the hostname publicly! Hope you understand that.

If you want you can share it in private. Run a check with your CNAME at and post the time here when you ran the check.

I have run a check on at about 14:44
Got a message like Hmm, is only partially available

At 44 there are two requests, which are presumably from you. Is it that t_____.c____.__ record?


Alright. Yes, that record is unproxied and a regular CNAME pointing to the configured host. As I mentioned before you will need to configure the target host properly, so that requests for your domain a correctly accepted/handled. That also includes a valid certificate for your domain on that server.

1 Like

Ok, I will check with them.
Thanks for your help.

1 Like

Just to confirm for the CNAME record on Cloudflare. It has to be unproxied (as it is right now) correct?

It doesnt have to. That particular target host is not on Cloudflare, so you can easily proxy it, but that wont change the fact that you will need to configure the target server properly. What you could avoid in this case is the necessity to also configure a certificate for your domain on their server, as the target host’s certificate will be accepted in this case as well.

This is interesting. Just to make things clear for me and to summarize for me and other people having the same issue: We have two options (Correct me if I am wrong):

Condition: Target host is not on Cloudflare.

Option 1:

  • CNAME record on Cloudflare: Not Proxied
  • Configure the target server properly.
  • The necessity to also configure a certificate for your domain on their server.

Option 2:

  • CNAME record on Cloudflare: Proxied
  • Configure the target server properly.

That is an accurate summary.

This topic was automatically closed after 30 days. New replies are no longer allowed.