Closed surister closed 2 years ago
@surister this is a limitation of the Cloudflare certificate for your plan. If you upgrade to Cloudflare Pro you will not have this issue. Or try to bypass Cloudflare and you will see this is not related to the proxy.
Just thought I'd share the Cloudflare documentation on the limitation for other people who might stumble onto this thread like I did:
https://community.cloudflare.com/t/subdomain-too-deep/81872
The Cloudflare universal certificates cover example.com and *.example.com. This means that it covers any subdomain one level below the domain you signed up with.
It will cover www.example.com and subdomain.example.com, as these are one level below the root domain, example.com.
The certificate will not cover www.subdomain.example.com or a.b.example.com, however, as these subdomains are too deep.
Solution: You either need the $10/month Advanced Certificate Manager from Cloudflare, on which you can specify the subdomain you need to cover, or to set the record to :grey: and bypass Cloudflare altogether.
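The coverage rule quoted above can be checked against a list of hostnames before they are put behind the proxy. This is an added example, not code from the thread or from Cloudflare; the function names are hypothetical, and it assumes the usual TLS matching rule that `*` is only honoured as the entire leftmost label and stands for exactly one label.

```python
def san_matches(hostname, pattern):
    """True if one certificate name (SAN entry) covers hostname."""
    host = hostname.lower().rstrip(".").split(".")
    pat = pattern.lower().rstrip(".").split(".")
    # A wildcard never spans a dot, so the label counts must be equal.
    if len(host) != len(pat):
        return False
    if pat[0] == "*":
        # "*" replaces one non-empty leftmost label; the rest must be identical.
        return host[0] != "" and host[1:] == pat[1:]
    return host == pat


def covered_by(hostname, sans):
    """True if any name on the certificate covers hostname."""
    return any(san_matches(hostname, s) for s in sans)


def uncovered(hostnames, sans):
    """Hostnames that would fail certificate validation against sans."""
    return [h for h in hostnames if not covered_by(h, sans)]


def wildcard_for(hostname):
    """The wildcard name that would have to be on the certificate."""
    labels = hostname.lower().rstrip(".").split(".")
    return ".".join(["*"] + labels[1:])


# Names on the universal certificate, as listed in the quoted documentation.
UNIVERSAL_SANS = ["example.com", "*.example.com"]
# Hostnames used as examples in the quoted documentation.
PAGE_HOSTS = [
    "www.example.com",
    "subdomain.example.com",
    "www.subdomain.example.com",
    "a.b.example.com",
]

if __name__ == "__main__":
    for host in uncovered(PAGE_HOSTS, UNIVERSAL_SANS):
        print(f"{host}: not covered, certificate would need {wildcard_for(host)}")
```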
Describe the bug
When using sub1.sub2.domain.tld the HTTPS connection fails with SSL_ERROR_NO_CYPHER_OVERLAP. sub2.domain.tld works though.

To Reproduce
Steps to reproduce the behavior:
docker run -e VIRTUAL_HOST=sub2.sub1.domain.tld -e LETSENCRYPT_HOST=sub2.sub1.domain.tld --network nginx_proxy nginx
The exact same command
docker run -e VIRTUAL_HOST=sub1.domain.tld -e LETSENCRYPT_HOST=sub1.domain.tld --network nginx_proxy nginx
without sub2 works fine.

DNSs are practically the same:
CNAME sub2.sub1 IN domain.tld
CNAME sub1 IN domain.tld

Expected behavior
I expect it to work; it works if you don't use Cloudflare.

Note
I am aware that this is most likely a Cloudflare issue. In the beginning I had the same issue as #238 and I managed to solve it through that issue. I am wondering if anyone more experienced with Cloudflare knows what's going on.
Thanks in advance.