SSL for virtual subdomains wildcard
I have wildcard virtual subdomains, all pointing to 1 root directory. I try to enable SSL for these subdomains and it works, but without www in the address. So I created a rule to automatically remove www from the address of all subdomains. It turned out that the rule only works when there is a valid certificate, so it doesn't work.
To sum up: for the certificate to work, you need to remove www, and to remove www, you need to provide a certificate. It looks like a catch-22 🙂
Is there any way to make this work on Cloudflare?
And if not, is it even possible to achieve this with Advanced Certificate Manager in a simple way?
Thanks in advance 🙂
2 Replies
You can use Advanced Certificate Manager to issue up to 100 certificates for any hostnames (up to 50 hostnames per cert). In this case, if I am reading this right, you probably want to issue certs of the form *.sub.example.com so that www.sub.example.com is covered, right?
If you create these DNS records manually and don't use wildcard * DNS records, you can also use Total TLS, which has no cap.
If this doesn't help you may need to explain your situation a little more, e.g. what records do you have and what is the desired result?

Many thanks for the reply. To be honest, I'm not sure if I catch your point, as I am not an expert in administration and Cloudflare config; I am a developer. I will try to get more details.
Creating them manually could be tough - currently for 1 domain I have ~300 virtual subdomains. But these are not real subdomains; there's no separate config for each address on the server, all * is pointing to one website on the server.
DNS A records - I have only 2 records - for main domain and for all requests *.
SSL works for sub.example.com but is not working for www.sub.example.com - in that case I get ERR_SSL_VERSION_OR_CIPHER_MISMATCH.
I read the documentation and I understand that www is the 2nd level of subdomain, but this SSL in Cloudflare works up to the 1st level of subdomain.
So I am wondering if there's any possibility to make this work on Cloudflare?
Or maybe it should be done on the server directly?
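
The behaviour discussed in this thread, as an added example that is not part of any post and is not Cloudflare's code: a certificate wildcard stands for exactly one leftmost label, so `*.example.com` covers `sub.example.com` but not `www.sub.example.com`. The sketch also groups the `*.sub.example.com` names into certificates using the limits quoted in the reply (50 hostnames per certificate, 100 certificates). The hostnames, the contents of the existing certificate and the function names are assumptions made for illustration.

```python
# Added example: hostnames and certificate contents below are constructed.

def wildcard_matches(pattern: str, hostname: str) -> bool:
    """True if a certificate name covers hostname.

    A '*' is honoured only as the entire leftmost label and stands for
    exactly one label, so it never spans a dot.
    """
    p = pattern.lower().rstrip(".").split(".")
    h = hostname.lower().rstrip(".").split(".")
    if len(p) != len(h) or "" in h:
        return False
    if p[0] == "*":
        return p[1:] == h[1:]
    return p == h


def uncovered(cert_names, hostnames):
    """Hostnames that no name on the certificate covers."""
    return [h for h in hostnames
            if not any(wildcard_matches(n, h) for n in cert_names)]


def plan_certificates(subdomains, zone, per_cert=50, max_certs=100):
    """Group the '*.<sub>.<zone>' names needed for www.<sub>.<zone>
    into certificates of at most per_cert hostnames each."""
    names = [f"*.{s}.{zone}" for s in sorted(set(subdomains))]
    certs = [names[i:i + per_cert] for i in range(0, len(names), per_cert)]
    if len(certs) > max_certs:
        raise ValueError(f"{len(certs)} certificates needed, limit is {max_certs}")
    return certs


if __name__ == "__main__":
    # Assumed contents of the certificate currently serving the zone.
    edge_cert = ["example.com", "*.example.com"]
    hosts = ["example.com", "sub.example.com", "www.sub.example.com"]
    print("not covered:", uncovered(edge_cert, hosts))

    # Constructed list standing in for the ~300 virtual subdomains.
    subs = [f"shop{i}" for i in range(300)]
    plan = plan_certificates(subs, "example.com")
    print(len(plan), "certificates of up to 50 hostnames each")
```
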