What is first? Read Certificates SSL or Redirects (Page Rules)?

rescandon · March 10, 2021, 8:38pm

Hi Community.

I want to know from your experience. I have a site integrated with Cloudflare. The site has certificates that allow access only to example.com but not www.example.com. I inspected that the certificate missing another Subject Alt Names DNS with wildcard *.example.com for allowing the access with www.example.com. Can a redirect (page rules) set up from Cloudflare’s admin solve the issue? To set up a redirect 302 from www.example.com to example.com. In other words. Could it work first what the certificates? or the certificates would work first what the redirects? What is the correct flow? (page rules).

I hope your answer soon. Thanks.
Ruben

sandro · March 10, 2021, 8:41pm

For starters, you have an invalid certificate there. You need to fix this first.

sandro · March 11, 2021, 11:08am

The certificate seems to be the only issue. You need to replace your self-signed certificate with a proper and valid certificate.

sdayman · March 10, 2021, 9:04pm

Page Rules come first. My ‘www’ DNS entries don’t even have a valid IP address, and I use a Page Rule to redirect to the apex domain.

rescandon · March 10, 2021, 9:39pm

Thank you by your help. So Does the page rules come first? or Does the certificates entries first? Can you explain some brief about it. Could you give your opinion about @sdayman ? Is he in the correct? or this apply for other cases? Thanks
Ruben

sandro · March 10, 2021, 9:41pm

I am not quite sure what you mean by certificate entires and page rules as these two are completely unrelated.

The only issue here really is the certificate. You have an invalid and broken certificate and need to fix this first. Once that is done, there shouldn’t be any issue, but if there still are we certainly can check those out as well.

sandro · March 10, 2021, 9:47pm

If you mean by entries the hostnames for which the certificate is valid, then that’s still unrelated to page rules and page rules can’t “fix” that either, but these “entries” are not the issue.

All you need to do is fix the certificate and get a valid one (which can be a Cloudflare Origin certificate as well). That’s it.

rescandon · March 10, 2021, 9:50pm

Got it. I understand that the certificates and page rules are two things completely unrelated. This make sense for me.

But I want to know the flow or the step by step that uses Cloudflare or the Hosting or the Internet to carry the customer to website. First would comes a layer of certificate and after the layer of the redirecting (managed by the page rules of Cloudflare).

Could you describe briefly it, or the essential?

Thanks
Ruben

sandro · March 10, 2021, 9:51pm

Assuming we are talking about an HTTPS connection, then we will first have a TLS connection (with the certificate), then the HTTP layer and in that context page rules. After than anything origin related.

rescandon · March 10, 2021, 10:03pm

Ok, I understood. Yes, we are assuming an HTTPS connection, So after the TLS connection (with the certificate), when it has already established the connection. Then would come the context page rules to work, correct?

Thanks,
Ruben

sandro · March 10, 2021, 10:08pm

Correct.

But I can only stress again, your issue here is not related to any of that but because you have a broken certificate on your server and you’ll never be able to establish a secure connection in that. You really need to fix the certificate. Either get a Lets Encrypt certificate or an Origin certificate (the search will have all the details on that).

rescandon · March 10, 2021, 10:22pm

Got it, Thank you. You help is very valuable. Thank you by your patience and your time.

system · March 13, 2021, 10:22pm

This topic was automatically closed 3 days after the last reply. New replies are no longer allowed.