Terminating SSL with DNS Only CNAME

I’m trying to set up a CNAME for a statuspage.io and per their documentation I set up the CNAME. The redirect is working properly but the SSL connection is getting terminated on their site and I’m getting an SSL mismatch.

They recommend I terminate the SSL connection at Cloudflare but I can’t seem to find the option to do that.

Can you post a screenshot of that CNAME record and what is the domain?

DNS Only

With that, however, Cloudflare’s certificate is completely irrelevant. You need to make sure the service itself has a proper certificate. Cloudflare would be out of the picture in this case.

That would be done by proxying the record instead of using DNS only. Change the grey cloud to the orange cloud.

Thanks for the information! That’s what I had thought but they had recommended not to use a proxied CNAME so I was confused as to how to set it up. I will reach out to their support for further troubleshooting.

Thanks again!

Can they elaborate on why not? As long as it is not proxied the connection goes straight to the server and the certificate there needs to handle the desired hostname. If you proxy it Cloudflare will handle the first leg of the connection and for the second leg the server certificate will be accepted as well if it just matches the CNAME’s host.

The issue is that the server is not serving the correct certificate for the desired hostname. So the Cloudflare CNAME ends up having a mismatch with what the server is serving.

I understood that, but if you cannot convince the service to run a certificate with your domain, you can only proxy it. When proxied it should work just fine as long as it is a CNAME.

So that is supported but only if we aren’t using a CDN apparently. So it looks like I have to handle the SSL on my end.

Not sure about the question. The connection to the CNAME will only work (without a warning) in a proxied context, otherwise it won’t (well, it will but with a warning).
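The two cases discussed in this thread, as an added example that is not part of any post above: a small model of which certificate the browser checks for a DNS-only versus a proxied CNAME. The hostnames, the SAN lists and the function names are constructed for illustration, and the second-leg rule is modeled on the statement in the thread that the origin certificate only has to match the CNAME's host.

```python
# Added example: every hostname and SAN list here is constructed sample data.

def san_matches(hostname, pattern):
    """RFC 6125-style match: '*' is honoured only as the whole left-most label."""
    host = hostname.lower().rstrip(".").split(".")
    pat = pattern.lower().rstrip(".").split(".")
    if len(host) != len(pat):
        return False
    if pat[0] == "*":
        # A wildcard covers exactly one label and needs two labels after it.
        return len(pat) >= 3 and host[1:] == pat[1:]
    return host == pat

def cert_covers(hostname, sans):
    return any(san_matches(hostname, s) for s in sans)

def client_result(visited, cname_target, origin_sans, proxied, edge_sans=()):
    """Return (ok, reason) for a browser visiting `visited`."""
    if not proxied:
        # DNS only: the browser connects straight to the service and checks
        # the service's certificate against the name it typed.
        if cert_covers(visited, origin_sans):
            return True, "origin certificate covers the custom hostname"
        return False, "mismatch: origin certificate lacks the custom hostname"
    # Proxied, first leg: the browser checks the edge certificate.
    if not cert_covers(visited, edge_sans):
        return False, "mismatch: edge certificate lacks the custom hostname"
    # Proxied, second leg (as described in the thread): the origin
    # certificate only has to match the CNAME target.
    if not cert_covers(cname_target, origin_sans):
        return False, "origin certificate does not match the CNAME target"
    return True, "edge certificate covers the custom hostname"

# Constructed sample data.
VISITED = "status.example.com"
CNAME_TARGET = "pages.status-host.example"
ORIGIN_SANS = ["*.status-host.example"]        # service's own names only
EDGE_SANS = ["example.com", "*.example.com"]   # certificate at the proxy

if __name__ == "__main__":
    for proxied in (False, True):
        ok, why = client_result(VISITED, CNAME_TARGET, ORIGIN_SANS,
                                proxied, EDGE_SANS)
        print("proxied" if proxied else "DNS only", "->", ok, "-", why)
```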

