Ran into this issue again where Universal SSL doesn’t work for third-level subdomains (abc.xyz.domain.tld) and when testing all the browser says is SSL error.
The UI could make this limitation more obvious, like how it does for non-proxied records and it says the origin IP is exposed.
The Dashboard quite clearly shows that the certificate is for
What is it that you’d like it to say?
DNS page could put an exclamation icon next to the cloud-ed record to point out an SSL cert doesn’t cover it. Banner at the top could point out SSL cert isn’t applying to some records, similar to the SPF/DMARC missing banners. That way it’s pointed out ASAP to the admin.
I’m only seeing *.example.com in the SSL/TLS > Edge Certificates area.
To those of us in the know on SSL certs, we should recognize that *.example.com doesn’t apply to third-level subdomains… but that also doesn’t mean Cloudflare isn’t technically able to create wildcard/SANs for the additional records.
It’s just one of those Cloudflare gotchas that the UI doesn’t point out when it’s helpful, like BFM not being bypass-able with page rules or mTLS.
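As an added example (not part of the thread and not Cloudflare's code), the coverage check the posters want the DNS page to surface can be sketched as below. The hostnames, the SAN list and the function names are constructed assumptions; the matching rule is the standard one where `*` stands for exactly one left-most label.

```python
# Added example: flag proxied hostnames that a certificate's SANs do not cover.
# All hostnames and SAN entries here are constructed sample data.

def san_covers(san: str, hostname: str) -> bool:
    """Return True if one SAN entry covers the hostname.

    A wildcard matches exactly one left-most label, so *.example.com
    covers www.example.com but not abc.xyz.example.com or example.com.
    """
    san_labels = san.lower().rstrip(".").split(".")
    host_labels = hostname.lower().rstrip(".").split(".")
    if len(san_labels) != len(host_labels):
        return False  # a wildcard never spans more than one label
    if san_labels[0] == "*":
        # The wildcard must stand for a non-empty label.
        return bool(host_labels[0]) and san_labels[1:] == host_labels[1:]
    return san_labels == host_labels


def uncovered(proxied_hosts, cert_sans):
    """List the proxied hostnames that no SAN entry covers."""
    return [h for h in proxied_hosts
            if not any(san_covers(s, h) for s in cert_sans)]


# Constructed inputs: SANs as they might appear under Edge Certificates,
# and the proxied records of a zone.
CERT_SANS = ["example.com", "*.example.com"]
PROXIED = [
    "example.com",
    "www.example.com",
    "xyz.example.com",
    "abc.xyz.example.com",  # third-level subdomain from the thread
]

if __name__ == "__main__":
    for host in uncovered(PROXIED, CERT_SANS):
        print(f"WARNING: {host} is proxied but not covered by {CERT_SANS}")
    # A certificate that also lists *.xyz.example.com would cover it.
    print(uncovered(PROXIED, CERT_SANS + ["*.xyz.example.com"]))
```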