Custom domain support to cloudflare proxied domain - ssl-certificate

We have configured domain exmpl.io with Cloudflare.
Our customers want to point their domain abc.example.com to the exmpl.io, we asked to set up CNAME and point to exmpl.io. But SSL is not working when exmpl.io is not proxied via Cloudflare, when proxied, the domain pointed is not working.
How can I give support for SSL to the domain proxied on Cloudflare?

Related

How to generate SSL only for subdomain without add domain?

I am pretty new with the domain configuration part. I want to know that can I generate SSL only for my subdomain I didn't want to add the root domain with CLOUDFLARE because my root domain already has SSL certificate. Is it possible to do that? I have purchased my domain from the GODADDY. I will add the generated SSL certificate to IIS.
Please help me out !!
Edit: I don't want to add my root domain to CLOUDFLARE because if I will do it I have to change my NAMESERVER for the same and my root domain already has SSL.
I believe what you're looking for is the CNAME setup on Cloudflare. This is the alternative method of Name Server setup. However, this setup requires a Business plan. With CNAME setup, you can have just a certain subdomains to be used with Cloudflare. With proxy turned on the subdomain, you'd get the usual Universal SSL certification from Cloudflare.

SSL certificate is not working for subdomain with www

We are running our website on IIS. In the domain settings, example.com and www.example.com are pointing to same IP Address.
The website works fine for https://example.com and https://www.example.com and https://stage.example.com
but for:
https://www.stage.example.com
We are getting Not Secure error.
Is it related to how SSL certificate is setup?
Added http & https bindings in IIS for both stage.example.com and www.stage.example.com
If you have a non-www and fully-qualified domain name of the same domain, a single domain (standard) SSL certificate would be enough to cover both. However, if you have multiple subdomains that you need to cover, then you need a wildcard SSL certificate.
For example:
Scenario 1: If you want to secure only two versions of your domains — domain.com and www.domain.com — a single domain SSL would be fine.
Scenario 2: If you want to secure the first level of subdomains (other than www.domain.com) — such as mail.domain.com or test.domain.com — a single domain SSL will not be enough. You must buy a wildcard SSL certificate

enabling https for sub domain

We have a application with its domain and subdomain running on the same server.We need to configure domain and sub-domain as https.We can able to access the main domain via https,when the subdomain is accessed the connection is not secured. How to access the sub-domains as https?

s3 static site + cloudfront + SSL not working for non www

I have a static html site hosted on a s3 bucket. I have generated a free ssl certificate with let's encrypt which I imported into ACM.
certbot --manual --server https://acme-v01.api.letsencrypt.org/directory -d example.com -d www.example.com
I have setup cloudfront to use that certificate.
On my DNS provider (namecheap) I have set a CNAME that points www to the cloudfront domain name, and also put a redirect from mydomain.com to www.mydomain.com
Now if I go to
https://www.example.com, it works
https://example.com, it hangs until it times out
Can someone tell me what I'm a missing ?
On my DNS provider (namecheap) I have ... put a redirect from mydomain.com to www.mydomain.com
There's the problem. Your "DNS provider" has a redirect service that doesn't support HTTPS. There is no way they can -- a redirect can only occur after an HTTPS connection is made, and an HTTPS connection requires a valid certificate.
Redirects are never actually done in DNS, though your provider's interface may give you that impression. Redirects are always done with a web server. Your provider has a web server that they provision and point the DNS there when you configure one hostname to redirect to another.
In short, there's not really a way to do this at the domain apex without using Route 53 as your authoritative DNS host. You don't have to transfer your domain name registration to the Route 53 registrar, but you'll need to use Route 53 for your DNS, and you'll need a second bucket and a second CloudFront distribution -- see Supporting HTTPS URL redirection with a single CloudFront distribution.

Should i enable Cloudflare for A records for my nameservers

I am using Cloudflare, and my domain is using their nameservers olga and duke.
I have A records for ns1.mydomain.com and ns2.mydomain.com and that is only thing which is revealing my real IP address, because i can not force clients to use CloudFlare. So I host their DNS.
If I enable CloudFlare for my NS1 & NS2 A records, will everything continue to work well?
Notice: NS1 and NS2 at registrar are will still be pointing to real IP address.
If you want to use Cloudflare you need to choose one of the following configurations:
Change your name servers at the registrar and use in Full mode,
Use via a hosting partner, or
Upgrade to BIZ and use a CNAME setup
Cloudflare Knowledge Base Article
Whilst Cloudflare can host the DNS records for your host - it will not proxy DNS records; Cloudflare will only proxy HTTP and HTTPS traffic.
If you wish to proxy DNS traffic you can use Cloudflare's Virtual DNS product. This acts as a firewall for your existing DNS infrastructure.