SSL on CNAME records using Cloudflare Proxy

marcusquinn

I can't recall where we were discussing it @girish but I just had to solve an email tracking issue with Elastic Email and I thought the insight might help others with this and similar needs.

Normally, when setting a CNAME record to point to another domain, you get SSL errors.

However, if you use Cloudflare for DNS these settings seem to work:

1. Enable their Proxy for sub-domain records (tracking.example.com in this case).
2. Set SSL/TSL to Full
3. Add a Page Rule for *.example.com/* with Always Use HTTPS = On

Insecure errors and my email tracking issue solved all in one.

I can't remember where we were discussing something I suggested a CNAME alias might help solve something for someone, and I seem to remember @girish saying it could but would have cert errors, well if ever anyone needs a solution like this, it's one of the use-cases for Cloudflare Proxy that I can see worth using it for.