38

I've let Cloudflare manage the DNS of my example.com.

I have created id.example.com for a country-specific customer. I did it by creating a CNAME id with alias example.com.

I need to create a customer portal: my.id.example.com. How?

Stephen Ostermiller

4 Answers

47
  • In Cloudflare, open the DNS records for domain.example
  • Create an A record for example.id and enter the IP where my.id.domain.example will be hosted, and add the record
  • Set up the site my.id.domain.example at the IP you specified

If domain.example is on Cloudflare and the Cloudflare nameservers have propagated, the sub-sub domain propagation should be more or less instant.

As correctly noted by ThorSummoner and user296526, this will work on the Cloudflare free plan if you aren't using SSL.

If you want to have a sub sub domain with SSL on Cloudflare, you need a Cloudflare dedicated SSL certificate, which is available as a paid plan. To quote from the Cloudflare site:

Cloudflare Dedicated Certificate with Custom Hostname: $10 per domain per month

  • Includes all benefits mentioned above for Dedicated Certificates
  • Protects your domain, subdomains (*.example.com), as well as up to 50 additional hostnames
  • Can extend protection beyond first-level subdomains (*.www.example.com, not just *.example.com)
  • Dedicated SSL certificates typically provision within a few minutes but can take up to 24 hours.

Full details here

Stephen Ostermiller
David Taiaroa
  • Turns out `*.mysite.tld` (star) certs only apply one level, so `id.mysite.tld` is ssl valid, but `my.id.mysite.tld` is not without reissuing the cert for it. Ref: http://security.stackexchange.com/q/83245/53804 – ThorSummoner Mar 07 '16 at 22:12
22

The accepted answer works fine only if you are not using SSL. As mentioned by @ThorSummoner, the Cloudflare wildcard SSL certificate is only valid for your domain example.com and *.example.com. It is NOT valid for *.*.example.com (sub-subdomains, or fourth-level subdomains).

In order to have SSL for your fourth-level subdomains, you will have to be on a paid Cloudflare plan and will also need to buy a dedicated SSL certificate from within the Cloudflare control panel.

Please refer to the pages below for more info:

https://support.cloudflare.com/hc/en-us/articles/219453397-Can-I-use-CloudFlare-SSL-certificates-on-my-fourth-level-subdomain-

https://support.cloudflare.com/hc/en-us/articles/228009108-Dedicated-SSL-Certificates

Stephen Ostermiller
user296526
  • Links to external resources are encouraged, but please add context around the link so your fellow users will have some idea what it is and why it’s there. Always quote the most relevant part of an important link, in case the target site is unreachable or goes permanently offline. – pableiros Nov 16 '16 at 19:22
  • When using Cloudflare's Argo tunnel you get the same issue with an error like `Server error: You asked for a tunnel to www.dev.example.com, but your certificate is valid only for [*.example.com example.com]` - same underlying problem – Simon_Weaver Apr 01 '19 at 17:20
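
The one-level wildcard rule described in this answer and its comments, as an added example (not part of the original posts and not Cloudflare's code): a small Python check of which planned hostnames a certificate's DNS names cover. The `DEDICATED_CERT` name list and the planned hostnames are constructed samples, and the function names are hypothetical.

```python
def _labels(name):
    """Split a DNS name into lower-cased labels, ignoring a trailing dot."""
    return name.rstrip(".").lower().split(".")


def name_matches(pattern, hostname):
    """Return True if one certificate DNS name covers hostname.

    A '*' is honoured only as the entire left-most label and stands for
    exactly one label, so it never spans a dot.
    """
    p, h = _labels(pattern), _labels(hostname)
    if len(p) != len(h) or "" in h or any("*" in label for label in h):
        return False
    if p[0] == "*":
        # Conservative choice: no wildcard directly under a single-label
        # suffix such as *.com.
        return len(p) >= 3 and p[1:] == h[1:]
    return p == h


def covering_names(cert_names, hostname):
    """Certificate names that cover hostname (empty list: verification fails)."""
    return [n for n in cert_names if name_matches(n, hostname)]


def missing_coverage(cert_names, hostnames):
    """Hostnames that would fail TLS name verification with this certificate."""
    return [h for h in hostnames if not covering_names(cert_names, h)]


# The name set quoted in the Argo tunnel error message above.
SHARED_CERT = ["*.example.com", "example.com"]
# Constructed sample: a certificate that also lists a second-level wildcard.
DEDICATED_CERT = SHARED_CERT + ["*.id.example.com"]
# Constructed sample: hostnames to check before creating the DNS records.
PLANNED_HOSTS = ["example.com", "id.example.com",
                 "my.id.example.com", "www.dev.example.com"]

if __name__ == "__main__":
    for label, names in (("shared", SHARED_CERT), ("dedicated", DEDICATED_CERT)):
        print(label, "does not cover:", missing_coverage(names, PLANNED_HOSTS))
```

Each extra subdomain level needs its own name or its own wildcard in the certificate, which is why `www.dev.example.com` is still uncovered after `*.id.example.com` is added.
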
3

CloudFlare doesn't support true subdomains (i.e., subzones with nameserver delegation). But it does support what you want, i.e. specific records within a subdomain served by the same zone.

Simply create your record as you would any other record, and use my.id as the name (note the dot.) Lookup will work as you would expect it.

Mihai Limbășan
  • I believe that Cloudflare does allow subdomain NS delegation now as you can specify a NS record: https://malware.expert/howto/delegate-subdomain-cloudflare-to-other-dns-servers/ – CodingSamurai Feb 07 '18 at 14:05
  • @CodingSamurai But Cloudflare prevents adding "sites" for anything other than top-level domains. So you may add "foobar" as NS-record for your "example.com" and hosting BIND for it on your own, but you cannot add "foobar.example.com" as a new site in Cloudflare. Am I right? – Fabian Barney Mar 01 '18 at 10:15
  • Maybe? Depends on what you're trying to do. Cloudflare can specify the NS record for the subdomain but then you need to point that subdomain NS to another service (such as Amazon Route 53) and not back to Cloudflare. – CodingSamurai Mar 16 '18 at 17:36
2

You need to create the subdomains at your hosting provider first, then you would come to your CloudFlare DNS settings and enter in the DNS records so that it resolves.

damoncloudflare