Encrypt End-To-End
Hello,
I am trying to set up (Full Strict End-to-End).
The main domain "domain1.com" works perfectly, but "domain2.com", which is only a redirect to "domain1.com", is facing a 526 Cloudflare error when I activate it, because it is not part of the SSL certificate.
Is it possible to create an Origin Server Certificate and add all redirected domains to it to prevent this error?
Thanks,
5 Replies
Just curious, why would you need Full (Strict) if the domain only serves to redirect?
It'd just be redirecting anyway to the main domain, which has Full (Strict) on.
You have no origin on domain2, so Full (Strict) would not work anyway, afaik.
You can turn it on Flexible and just have Automatic HTTPS Rewrites enabled,
and it'll still use Full (Strict) once it redirects.
You can do the redirect entirely within Cloudflare, if I understand you correctly. Either with Page Rules, Bulk Redirects, or Dynamic Redirects.
For simple redirects, Bulk Redirects may be the easiest: https://developers.cloudflare.com/rules/url-forwarding/bulk-redirects/create-dashboard/
> Is it possible to create an Origin Server Certificate and add all redirected domains to it to prevent this error?
Origin Certs can only contain a single specific zone/domain in your account. If you can do the redirect logic in one of the redirect products, great! You could also use a custom Worker if it's more complex.
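The custom-Worker route mentioned above, written out as an added example (this is not code from the thread or from Cloudflare's docs). It answers every request for the redirect-only zones at the edge, so domain2.com needs no origin server, no origin certificate, and no Flexible mode: the zone can stay on Full (Strict) because nothing behind Cloudflare is ever contacted. The hostnames domain1.com, domain2.com and domain3.net are placeholders taken from or added to the thread, and the redirect host list and HSTS value are assumptions for the example. The `Request`, `Response` and `URL` globals are the same in Workers and in Node 18+, so the functions can be exercised locally before deploying.

```javascript
// Added example: edge-only redirect Worker for redirect-only zones.
// Assumed names: domain1.com is the real site; the hosts below only forward to it.
const CANONICAL_ORIGIN = 'https://domain1.com';

// Hosts this Worker is allowed to redirect (assumed list for the example).
// Anything else gets a 404 rather than a redirect, so the Worker cannot be
// pointed at an attacker-chosen destination.
const REDIRECT_HOSTS = new Set([
  'domain2.com',
  'www.domain2.com',
  'domain3.net',
]);

// Compute the redirect target for an incoming URL, or null if the host is not
// one we serve. Path and query are preserved; scheme, host and any non-default
// port are replaced, so the result is always https://domain1.com/... .
function canonicalTarget(rawUrl) {
  const url = new URL(rawUrl);
  if (!REDIRECT_HOSTS.has(url.hostname)) return null;
  return `${CANONICAL_ORIGIN}${url.pathname}${url.search}`;
}

// Build the edge response. 301 lets browsers cache the redirect; sending HSTS on
// the redirect itself means the next visit to domain2.com starts on HTTPS and
// never makes the plaintext hop at all.
function handleRequest(request) {
  const target = canonicalTarget(request.url);
  if (target === null) {
    return new Response('Not found', { status: 404 });
  }
  return new Response(null, {
    status: 301,
    headers: {
      Location: target,
      // Assumed policy value: one year, covering www.domain2.com etc.
      'Strict-Transport-Security': 'max-age=31536000; includeSubDomains',
      'Cache-Control': 'public, max-age=86400',
    },
  });
}

// Service-worker style registration used by Cloudflare Workers. The guard keeps
// the file runnable under plain Node, where there is no global addEventListener.
if (typeof addEventListener === 'function') {
  addEventListener('fetch', (event) => event.respondWith(handleRequest(event.request)));
}
```

Route the Worker on `domain2.com/*` (and any other redirect-only zone) and leave those zones with no DNS record pointing at a real origin; the 526 goes away because Cloudflare never needs to validate an origin certificate for a request the Worker answers itself.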
Never ever ever Flexible, never. Even for redirects, it would allow anyone to MITM the connection and serve a malicious redirect.
Chances of that are unlikely for such a small website.
I doubt this dude owns a business the size of Apple,
or works for such.
Yeah, good security practice, but a MITM attack is so unlikely, and even then, if you can do a MITM attack you can do a much harsher attack on the person ratted.
Plus they'll end up visiting Google and seeing something is wrong.
I mean, it's more just like, unless you have legacy infra that absolutely cannot work over HTTPS, there isn't really a good reason to use Flexible.
Sure, in most cases you won't need it, but why take that chance?