Incorrect HTTPS record for wildcard domains

A DNS wildcard like *.example.com will match a.b.example.com, but a TLS wildcard certificate will not. Because of this, Cloudflare will only serve HTTP requests in this scenario, as expected. Despite this, Cloudflare will still respond affirmatively to HTTPS DNS queries. This results in a domain like this being inaccessible in browsers that support HTTPS records.
1 Reply
leo vriska (OP), 16mo ago
Trying to add an explicit wildcard HTTPS record seems to be ignored. Based on this thread, this appears to be intended behavior, which is very inconvenient: https://community.cloudflare.com/t/http-only-site-broken-in-chrome-only-chromium-said-the-problem-is-https-rr-bug-report/506153/11
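
The mismatch described in the original post, as an added example that is not part of the thread: it lists the hostnames a DNS wildcard answers for but a TLS wildcard certificate does not cover, which are the names left HTTP-only. The function names, the sample host list and the assumption that the zone holds only the apex and the wildcard record are constructed for illustration.

```python
"""Added example: DNS wildcard matching versus TLS wildcard matching."""


def _labels(name):
    # Normalise: lower-case, drop the trailing root dot, split into labels.
    return name.lower().rstrip(".").split(".")


def dns_wildcard_matches(wildcard, qname):
    """DNS rule (RFC 4592): *.zone answers for names one OR MORE labels below zone.

    Assumption: the zone has no other names that would block the wildcard.
    """
    w, q = _labels(wildcard), _labels(qname)
    if w[0] != "*":
        return w == q
    parent = w[1:]
    return len(q) > len(parent) and q[-len(parent):] == parent


def tls_wildcard_matches(pattern, hostname):
    """Certificate rule (RFC 6125): a left-most '*' stands for EXACTLY one label."""
    p, h = _labels(pattern), _labels(hostname)
    if len(p) != len(h):
        return False
    if p[0] == "*":
        return p[1:] == h[1:]
    return p == h


def http_only_names(hostnames, dns_wildcard, cert_names):
    """Names that resolve through the DNS wildcard but match no certificate name."""
    return [
        h for h in hostnames
        if dns_wildcard_matches(dns_wildcard, h)
        and not any(tls_wildcard_matches(c, h) for c in cert_names)
    ]


# Constructed sample input, not taken from the thread.
SAMPLE_HOSTS = ["example.com", "a.example.com", "a.b.example.com",
                "x.y.z.example.com", "a.example.org"]
SAMPLE_CERT_NAMES = ["example.com", "*.example.com"]

if __name__ == "__main__":
    for host in http_only_names(SAMPLE_HOSTS, "*.example.com", SAMPLE_CERT_NAMES):
        print(host, "resolves via the DNS wildcard but no certificate covers it")
```

Any name this returns is one where an HTTPS record answer would point a supporting browser at a TLS endpoint that has no valid certificate for it.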
