Subdomains not included in SAN

So I have set up some subdomain redirects in my registrar that redirect to another website and have added the respective A record to Cloudflare.

The redirects work absolutely fine, however, when I do an SSL checker they all report the same issue which is The domain name does not match the certificate common name or SAN!

I don’t want users to be prompted with warnings when they are redirected so I believe I need to fix this issue… or would this not cause browser warning messages? The redirects seem to work without warning but wanted to know if this would need to be resolved (and how) if this would cause this issue.

Thank you in advance

You are probably running into this issue Subdomain too deep

I don’t think so, its only one level *.domain.com for example, no further than that so It should be covered.

Well, you didn’t post the hostname :wink:

What’s the hostname?

It’s hard to post as it won’t let me post URLs which is silly. The hostname is *.europathelastbattle.org without the subdomain obviously.

That’s not the hostname, that’s a domain with a wildcard. What’s the exact hostname?

Also, that domain is not using Cloudflare at all.

Sorry I’m not very network proficient, what’s the difference between a domain and a hostname?
What do you mean? How could you tell that it is not using it? It should be, its all setup.

Nope, that domain is not configured for Cloudflare.

nslookup -type=ns europathelastbattle.org a0.org.afilias-nst.info
Server:  UnKnown
Address:  199.19.56.1

europathelastbattle.org nameserver = ns4.epik.com
europathelastbattle.org nameserver = ns3.epik.com

As for hostname, that would be the name that you set up on your domain, like e.g. www.domain.com.

That is very strange… for some reason, my registrar has reverted back to its old NS… Not sure why it has done that. Ill change that back now, I thought Cloudflare would notify me if that happened tbh.

well its just europathelastbattle. org im confused of the difference sorry

Well, that explains why you are getting certificate warnings, however that also suggests you may not have a secure setup. Make sure your server is properly configured with all necessary certificates and your encryption mode on Cloudflare is Full Strict.

Well its currently just a parked domain that my registar provides, saves on cost that way. I guess i’ll wait for the NS to update and recheck. Although the SSL checkers reported back fine on all the checks just not the SAN names, not sure if that is related or not but guess I’ll find out. Thanks for your help

In that case your certificate may be only valid for the naked domain but not for the desired hostname. You should fix that too. Maybe check out Cloudflare’s Origin certificates.

I’ll have to look into how that works, not familiar. Cloudflare state that their basic SSL cert covers the domain and first level subdomains so I shouldn’t need to do anything more complicated I wouldn’t have thought

For the proxies that is correct, but you still need to have the right certificates on your server.

Take a look at Bulk Redirects in Cloudflare. This should help simplify things by removing the registrar web server from your redirects.

This topic was automatically closed 3 days after the last reply. New replies are no longer allowed.