Subdomain error 404

Hi

I have a Cloudflare free account with a dedicated SSL certificate with custom hostnames.

When I try to access the URL https://en.primroseuk.com I receive the error: HTTP Error 404. The requested resource is not found.

I have the following DNS records:

Type: CNAME
Name: en
Value: is an alias of primroseuk.com
TTL: Automatic
Status: Orange

Type: A
Name: primroseuk.com
Value: points to 95.128.135.30
TTL: Automatic
Status: Orange

The Certificate Hostnames are the following:

www.en.primroseuk.com
en.primroseuk.com
*.primroseuk.com
primroseuk.com

Can anyone point me in the right direction of why I get the 404 Error?

Thank you.

Hi @primroseuk,

Cloudflare shouldn’t return a 404, so I would expect that to be coming from your server. Is there a site on that address?

Hi @domjh
Thank you for your reply.
I agree with you that the error should come from my server but the hosting company tells me to talk to Cloudflare.

There is a site on the server and you can see it here http://www.primroseuk.com

For the sub-domain en.primroseuk.com I use a domain pointer to serve the main site. Once the main site loads but the URL is from the sub-domain en it will know to load the English language instead of the Italian (Nopcommerce version 3.90)

Because the main site is a live website I have created a similar setup under another domain so I can do some testing.

https://www.londralavoro.com/

Here I have two subdomains

gb.londralavoro.com
es.londralavoro.com

DNS on Cloudflare as below

Type: A
Name: es
Value: points to 95.128.135.30
TTL:Automatic
Status: Orange

Type: A
Name: gb
Value: points to 95.128.135.30
TTL:Automatic
Status: Orange

Type: A
Name: londralavoro.com
Value: points to 95.128.135.30
TTL:Automatic
Status: Orange

For the moment this domain uses the shared Cloudflare Universal SSL certificate.

I have created two web site pointers to point both subdomains to londralavoro.com

I can get the two sub-domains and main site to work if I change the SSL in Cloudflare to Flexible (not reccomended).

As soon as I switch to Full I get 404 for the main domain and the 2 subsites.

Now going back to the live website (primroseuk.com) I used to have an SSL certificate installed on the server for the main domain. When it expired I switched to the Dedicated SSL with Custom Hostnames provided by Cloudflare.

I am wondering if the main domain (primroseuk.com) works using SSL:Full because the certificate even if expired is still installed and Cloudflare will connect to the origin over HTTPS, but will not validate the certificate.

For the subdomain there is not hostname specified on the old certificate and that it could be the reason why I get a 404.

What are your thoughts? Do you think it could be the problem?

Sorry for the long message but I want to be sure that I provide all the necessary info.

Thank you

Ah, that sounds to me like the server isn’t configured to use SSL / respond on port 443 which is something you would have to address with your host…

Yes, I think this is a very likely reason…

No problem, all the info helped :slightly_smiling_face:

Thank you @domjh.

I made some progress!!!

So I have asked the hosting company if they could add the host name en.primroseuk.com to the expired certificate on the server. They did. And now I can load the url https://en.primroseuk.com
but only after I bypass the warning message This site isn’t secure

The website’s security certificate is not yet valid or has expired.

If I look at the certificate for the www.primroseuk.com I can see the details of the Dedicated SSL Issued by Cloudflare Inc ECC CA-2

If I look at the certificate for en.primroseuk.com I see that the certificate is invalid because it’s expired and it is the one issued by RapidSSL TLS RSA CA G1

The hostnames for the dedicated SSL Certificate on cloudflare are:

en.primroseuk.com
www.en.primroseuk.com
*.primroseuk.com
primroseuk.com

I also still have the Universal (Shared) free SSL enabled.

The SSL on Cloudflare is set to Full which I thought it should connect to the origin over HTTP, but not validate the certificate… which seems to be the case for https://www.primroseuk.com but not for https://en.primroseuk.com

Do you have any thoughts of why this is happening?

Thank you again for your help. Really appreciated.

Regards

Hi!

That host (en.) needs to be set to :orange: in the Cloudflare dashboard (DNS page) for the Cloudflare cert to work, currently it looks to be :grey:.

Full will connect over HTTPS, but just not validate the cert

Hi @domjh

Thank you so much!!! that fixed the issue and now everything is working as expected.

One last question please. Let’s say I decide to revert back and renew the certificate at the origin (I am not sure if the hosting company is keen to add more host names when I will need them). Do I still need a dedicated SSL certificate on Cloudflare where I can specify the hostnames or the universal SSL will be enough? Please consider that the SSL at the origin will include hostnames such as www.en.primrose.uk.

I have really appreciated your help. Thank you

Regards

No problem, glad it is working for you. The universal cert will cover any first level subdomain, e.g. en.domain.com but NOT second level like www.en.domain.com, you would need to keep the dedicated cert for that.

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.