I have a CNAME record pointing to my webapp hosted in Pythonanywhere. This CNAME is a second-level subdomain: pfm.v0.genify.ai. The root domain (genify.ai) is a react website hosted in cloudflare using a cloudflare worker. Therefore, I have an AAAA of name genify.ai pointing to 100::
The root website is secured using a cloudflare SSL certificate. Its encryption mode is Full (strict). The genify.ai website works fine with https.
To secure pfm.v0.genify.ai, I first purchased a dedicated certificate with custom hostname (required for multi-level subdomains), then I followed https://help.pythonanywhere.com/pages/HTTPSCustomCerts: in summary, I’ve created a certificate signing request with domain “pfm.v0.genify.ai” and a private key, I uploaded the CSR to cloudflare, cloudflare returned me a certificate which I uploaded to pythonanywhere).
This is the error obtained in pythonanywhere:
Mismatch between certificate Common Name (CloudFlare Origin Certificate) and webapp (pfm.v0.genify.ai)
It doesn’t work: when trying to access my webapp, I get either ERR_SSL_VERSION_OR_CIPHER_MISMATCH or ERR_CONNECTION_TIMED_OUT. How to solve it? Is upgrading to Enterprise the only solution?
Did someone get a similar issue using AWS instead of Pythonanywhere and how did he/she solved it?
When creating the CSR, I set the common name to pfm.v0.genify.ai. Why does Pythonanywhere reports that the common name is “CloudFlare Origin Certificate”?
Last but not least: would hosting my app on a new cloudflare worker solve this problem?
Thanks in advance!