One of my servers is failing a vulnerability scan because the ‘commonName’ (CN) attribute of the SSL certificate presented for this service is for a different machine.
The DNS on Cloudflare points to the server IP, but the test resolves to a different IP address on the Cloudflare network.
I have installed edge certificates. Not sure what else to do?
That is not a vulnerability, but your test tool apparently does not support SNI, respectively SANs.
That is by design as long as you proxy your site through Cloudflare.
Your setup appears to be all right.
Do you know if there is a way to temproarily disable DDoS so that the Security Metrics can clear the false positive result?
You can temporarily stop proxying and have everything point to your real IP address (attention, during that time someone might be able to get that IP address and circumvent Cloudflare’s protection service once you enable it again). For that you can either “pause” Cloudflare in the control panel or switch the DNS records from to .
This topic was automatically closed after 30 days. New replies are no longer allowed.