I used to activate the domain with Cloudflare in the NS way and it issued me a universal SSL.
Then, due to some technical reason, I had to switch from NS to CName, so I deleted the domain, added it again in the CName way, and performed the activation again without a problem.
But suddenly when I checked the SSL/TLS certificate I noticed that the root domain (gao.bo itself) is showing “Deleted” status. I tried to disable universal SSL and enable again. Nothing changed though.
I searched around but failed to find a way to ask Cloudflare to issue a universal SSL for the root domain again (all subdomains got their universal SSL issued without a problem).
Thanks for your time replying.
That’s exactly what CName indicates: we don’t have to use Cloudflare DNS, instead we use CNAME records via a Cloudflare partner. Cloudflare issues universal SSLs for domains and subdomains activated in both NS and CName ways.
Right, so the account the CNAME points to needs to issue the cert. That’s Cloudflare’s SaaS service, as well as a Biz/Ent plan feature. You can’t do this with a regular account.
When you are in CNAME setup, Cloudflare will only issue SSL certificates for DNS records that are proxied, and your current nameserver must point the CNAME to Cloudflare to complete the SSL verification.
As you mentioned, and I’ve also been a loyal Cloudflare user for quite a while. You are perfectly correct. On the other hand I have already completed all the steps: a) the domains are proxied, AND b) the domains have been resolved to 1.1.1.1 or CNAMEed to corresponding-domain.cdn.cloudflare.net (you can simply verify by pinging gao.bof.gao.bo and t.gao.bo)
However, it does not work at all. The problem is that Cloudflare did not even try to issue the certificate for the root domain, but all subdomains work like a charm, though they all have exactly the same configuration for domain resolution.
I can confirm that resolving to 1.1.1.1 (or 1.0.0.1) is correct. I can change my current subdomains or set up a new subdomain to show you that it does work. Although, I seem not to be able to find an official document supporting this.
I searched throughout the community and found several posts with the same issue, and none of them received a meaningful solution. A trivial issue, right? Not so, I am afraid.