SSL on Primary Domain Working But Not Working on Sub Domains

345 · 2018-09-22 23:23:02 UTC

Hi there. Currently my CloudFlare SSL is working fine - pretty awesomely on my primary domain - I’ve also gone into the Crypto tab and enabled everything in the HSTS section; also, I’ve enabled all the Clouds in the DNS tab, but for some reason my sub domains don’t work.

Could someone post the actual necessary settings to get sub domains to work? I ask because a lot of the information I’ve found appears to be out-dated, and or simply not working.

Should I add an A or CNAME record? and if so in what way should it be written?

I hope someone can help cause a few of my sub domains are down now…

Thank you for your help…

P.S. also, in Chrome, the error message I get is:

server IP address could not be found
DNS_PROBE_FINISHED_NXDOMAIN

sdayman · 2018-09-23 03:29:10 UTC

Yes, you need DNS entries for those subdomains. They typically match the DNS records for the main domain.

345 · 2018-09-23 11:41:50 UTC

Thank you sdayman - also, could you explain where those entries go and what they look like?

When you say they typically match the DNS records for the domain, which one exactly?

sdayman · 2018-09-23 13:55:56 UTC

You probably have a DNS entry for ‘www’ and it has an IP address, or a CNAME. Add another DNS entry that looks just like the ‘www’ entry, but make it ‘sub’ (your subdomain) instead.

345 · 2018-09-23 13:57:43 UTC

Hi there sdayman, and again thanks - so just to be clear, in the value field add sub.domian and make it a CNAME with a www entry in the name field?

OK I added for the NAME field - www
For the value - sub.domain.com

And an error message popped up saying there’s already a CNAME for that domain

sdayman · 2018-09-23 14:00:09 UTC

That “NAME” field should be exactly what the NAME field is for your existing “www” entry.

345 · 2018-09-23 14:02:43 UTC

Right, name was/is www; the value is sub.domain.com but I get:

“An A, AAAA or CNAME record already exists with that host. (Code: 81053)”

Because this exists

CNAME www domain.ca Automatic

345 · 2018-09-23 14:06:26 UTC

At the top of the table, I also see this notification, could it be hindering the display of the sub domain?

“An A, AAAA, CNAME, or MX record is pointed to your origin server exposing your origin IP address.”

sdayman · 2018-09-23 14:07:16 UTC

Is your ‘www’ entry a CNAME, or is it a A record?

That Origin IP address warning is unrelated.

345 · 2018-09-23 14:08:12 UTC

Yes the www entry is a CNAME…

sdayman · 2018-09-23 14:10:56 UTC

Add a new CNAME:
Name = sub (whatever your subdomain is), and Domain Name = the same as the Domain Name for your www entry.

cscharff · 2018-09-23 14:14:52 UTC

I think you have them backwards. In a CNAME record the first field is the new subdomain, the second is where it points (and assumes you’ve configured your server to accept traffic for the new subdomain already).

345 · 2018-09-23 14:14:53 UTC

OK I did that, the entry was added.

When I reloaded the page I got

www.sub.domain.ca’s server IP address could not be found.
DNS_PROBE_FINISHED_NXDOMAIN

Does it matter that for the value it says “is an alias of domain.ca”?

cscharff · 2018-09-23 14:16:14 UTC

Do you have an entry for www.sub ?Sounded like you were trying to add sub. If you want to also add www.sub you’ll need an entry for it too (And Cloudflare’s free SSL cert won’t cover a second level domain like www.sub)

345 · 2018-09-23 14:16:47 UTC

Yes that’s how I have it right now:

First value is the subdomain (the Name column)
Second is the primary domain (value column)

And with respect to the sub being configured for traffic, I was working before I set up CloudFlare’s SSL

345 · 2018-09-23 14:17:39 UTC

Hi cscharff, could you be a little more clear as to what you mean?

sdayman · 2018-09-23 14:18:30 UTC

Big oops on my part…see if making it match the main domain’s entry will work.

Is the naked domain a CNAME or an IP address?

345 · 2018-09-23 14:23:35 UTC

I have this, not the first field blurred out is the sub’s name, as in subname.domain.ca

And an A record like this:

A - domain.ca - IP address

cscharff · 2018-09-23 14:25:04 UTC

The error you posted was for www.sub.domain.ca. If that isn’t what you typed in your browser, then your origin server may be misconfigured to redirect sub.domain.ca to www.sub.domain.ca. If you did mean to type www.sub.domain.ca then you need a CNAME entry for www.sub which is (probably) identical to sub.domain.ca for the target.

Any DNS name needs to be explicitly defined otherwise a computer has no idea where to go.

345 · 2018-09-23 14:27:41 UTC

OK well I just edited the CNAME, by adding as name : www.sub

I kept the value as domain.ca

Still no go - boy oh boy this is oddly complicated! My apologies everyone!