[Fixed myself] For those who try to connect to a custom subdomain (CNAME) from Cloudflare but without success
Now I understand what happened! Let me summarize why the Custom Hostname solution worked:
1. The Issue:
- The default Universal SSL certificate only covered yourdomain.com and *.yourdomain.com
- However, when using Brizy Cloud with a CNAME setup, it needs special SSL handling
2. Why Custom Hostname Fixed It:
- Cloudflare for SaaS (Custom Hostnames) is specifically designed for scenarios where you're using a third-party service (like Brizy)
- It provides:
  - Proper SSL certificate provisioning for the specific subdomain
  - Vanity domain support
  - Built-in DDoS protection
  - Proper SSL handshake between Cloudflare and Brizy's servers
3. The Free Tier Includes:
- 100 Custom Hostnames at no cost
- Automatic TLS certificate provisioning
- Proper handling of CNAME configurations
This solution worked because it properly handles the SSL certificate chain between your domain, Cloudflare, and Brizy's servers, which was the root cause of the original ERR_SSL_PROTOCOL_ERROR.
The site is now working properly because the Custom Hostname feature provides the correct SSL certificate configuration for your specific subdomain-to-Brizy setup.
-
Here's a summary of the troubleshooting process we went through:
### Initial Setup Issues
1. **Domain Not Detected by Brizy**:
- CNAME records need to be correctly set and propagate globally, which can take time.
2. **SSL Handshake Errors**:
- SSL issues often arise due to conflicts between Cloudflare settings and the hosting provider’s SSL configurations.
### Resolutions and Steps Taken
1. **DNS Configuration**:
- Ensured CNAME records correctly pointed to Brizy.
- Switched to "DNS only" mode initially to let Brizy handle SSL directly.
2. **Proxy Settings**:
- Proxying can cause SSL issues when Cloudflare and Brizy both attempt to manage SSL. Initially turning off proxy ensured Brizy could set up SSL without interference.
3. **Cloudflare SSL/TLS Settings**:
- Set SSL to "Flexible" to avoid conflicts since Brizy manages the SSL certificate.
- This mode allows Cloudflare's flexibility without requiring full strict SSL checks from the backend.
4. **Network Protocol Adjustments**:
- Disabled HTTP/3 (QUIC) to rule out protocol-specific issues interfering with SSL.
5. **Cache Clearing**:
- Purged Cloudflare’s cache to clear any lingering outdated settings and used browser cache clearances.
6. **Waiting for Propagation**:
- Sometimes, DNS and SSL changes require several hours to propagate fully and stabilize.
### Key Takeaways
- **Initial Setup**: Use "DNS only" while setting up new domains to let Brizy handle everything initially.
- **CNAME Configuration**: Ensure precision in DNS settings and check them carefully.
- **SSL Conflicts**: Use Flexible SSL if your hosting provider manages SSL, as this minimizes conflicts.
- **Proxy Settings**: Once the setup stabilizes, you can re-enable proxy if desired, but verify that no new SSL conflicts arise.
- **Patience with Propagation**: DNS changes can take 48 hours; patience is vital.

Understanding this helps streamline future setups and adjustments, reducing headaches and enabling smoother operations with Cloudflare and Brizy.
-
I can confirm the steps above work as of Nov 2024. Thank you so much to Charkrid Th. for posting this. Following this, I got my site up and running in less than 15 minutes.
For now, I maintain the Flexible SSL for stability; not sure of the added benefits of enabling Full SSL in Cloudflare, though, if Brizy has the SSL already?