#Is it possible to register all subdomains?

I want to register all subdomains below .studioProject.h-and-c.co.uk

What do you mean by register?

like, show a page on all of them

You can use wildcard records: https://blog.cloudflare.com/wildcard-proxy-for-everyone/
But keep in mind, the free universal ssl certificate only covers first level subdomains. That is, if your domain is h-and-c.co.uk, it would cover
*.h-and-c.co.uk, but not *.studioProject.h-and-c.co.uk. You'd have to buy Advanced Certificate Manager (ACM - $10 USD/month) and issue another wildcard cert from it

(That is, if you want to take advantage of Cloudflare's CDN/reverse proxy. If you don't, you can use unproxied wildcard records and not need a cert covering it in Cloudflare, your origin would still need a valid cert for it though)

ok

i'm using dns only and for some reason, hi.hello.h-and-c.co.uk says that the domain doesn't exist but i have created a wildcard dns certificate for *.*.studioProject.h-and-c.co.uk

you can't have two wildcards, only one, and it has to be leftmost

check the blog I linked above, it explains most of the rules/limits around it

how do i do that then?

If you create one for *.studioProject.h-and-c.co.uk, hi.hello.studioProject.h-and-c.co.uk would be covered

Wildcards are only supported on the first label. Meaning something like subdomain.*.mycoolwebpage.xyz is not a wildcard on the level of the asterisk character. If you create a DNS record with that name, the asterisk is interpreted as the literal character and not as the wildcard operator.

You cannot create wildcards on multiple levels. So if you create a DNS record on *.*.mycoolwebpage.xyz, only the first asterisk is interpreted as a wildcard while the second one is interpreted as the literal “*” character.

Wildcards will be applied for multiple levels. But a specific record on any equal or lower level will terminate anything on or below this specific record — independent of the type of that specific record. Here is an example. If you have only these two records on your domain

ok

i with the cloudflare dashboard would point that out as an error

still doesn't say it

hello.studioProject.h-and-c.co.uk now says 404 and hi.hello.studioProject.h-and-c.co.uk still doesn't exist

The 404 is going to be from your origin, not a cloudflare thing

i know that

what's the record you created exactly, just *.studioProject.h-and-c.co.uk?

*.studioproject on the dashboard

The recursion stops the second it hits anything that does exist. For example, if you have a record for hello.studioproject, the wildcard will stop recursing, and not hit hi.hello.studioproject

ok, these are all of the records for .studioproject

TXT
hi.hello.studioproject

A
*.studioproject

Right, so since you have a TXT Record for that, the A wildcard won't apply

you'd have to manually create the A record for that

but i need a txt or my hosting provider won't work

all of my A records go to the same ip if that helps

Should the txt record be wildcard, or does it have to be on hi.hello?

hi.hello

i removed the txt and it still doesn't work

Then if you want the same wildcard behavior on hi.hello, create another A record on hi.hello.studioproject with the same value, and then a second wildcard on *.hi.hello.studioproject with the same value, and it'll be like the txt record isn't therre

That's just cache
;; QUESTION SECTION:
;hi.hello.studioProject.h-and-c.co.uk. IN A

;; ANSWER SECTION:
hi.hello.studioProject.h-and-c.co.uk. 300 IN A redacted

tf?

You can use dig on Linux, i.e dig hi.hello.studioProject.h-and-c.co.uk @aarav.ns.cloudflare.com querying your authoritive nameserver to test things without cache getting in the way, Cf's DNS propogation is pretty fast, like a few seconds world wide, ignoring cache

and u just exposed my hosting ip :P

well with dns-only it's always going to be exposed, but sure I can edit it out

i still don't get it

so, what do i put in the a record

This is the condition you are currently hitting that is confusing you

Wildcards will be applied for multiple levels. But a specific record on any equal or lower level will terminate anything on or below this specific record — independent of the type of that specific record.

so, what do i put in that

For what? what's your goal?

Maybe it's better to ask what specifically you are confused about

to get *.*.studioproject.h-and-c.co.uk working

You're fine with DNS-only right? and you want the TXT record on hi.hello.studioproject?

yes

i have it as dns only so that cf doesn't keep breaking things

because that's what it keeps doing as proxied

probably because your configuration doesn't support ssl/tls

anyway, you would want your records like this

A *.studioproject.h-and-c.co.uk <serverip> dns-only
A hi.hello.studioproject.h-and-c.co.uk <serverip> dns-only
A *.hi.hello.studioproject.h-and-c.co.uk <serverip> dns-only
TXT hi.hello.studioproject.h-and-c.co.uk <txt>

The second wildcard there is only necessary if you want xxx.hi.hello.studioproject to work, as without it the TXT Record existing stops the normal wildcard from working on hi.hello and recursing any further

i don't want anything below hi.hello.studioproject.h-and-c.co.uk working but i might in the future so, i'll leave it there

it works, now how do i get security working on hi.hello.studioproject.h-and-c.co.uk

so that this disappears

You mean http/https? You'd have to get a certificate for it. Let's Encrypt and a few other providers offer free certificates via certbot, which can be automated to renew depending on your install/etc

ok, also, how do i get it to display the page at hello.wumpus-dev.repl.co on all wildcards that are not declared

Keep in mind wildcards with certificates only cover one level, it's just how they work. If you got a certificate that was for *.studioproject.h-and-c.co.uk, it would only cover xx.studioproject.h-and-c.co.uk and not hi.hello.studioproject.h-and-c.co.uk. You can get a certificate that covers mutiple hostnames, known as Subject Alternative Names (SANs), i.e *.studioproject.h-and-c.co.uk and hi.hello.studioproject.h-and-c.co.uk, there's a limit on SANs though

That's going to depend on repl, if they even support wildcards or not. You could do something hacky eitherway with a simple VPS that proxies to repl and has wildcard certificates on it

i don't get it

just how do i do it?

@pearl helm

how do you do what? Hook it up with repl? Go through their tutorial, it's their platform, they decide what goes, if they support wildcards or not, etc

just, look at repl.co and just try some subdomains on it, u'll get it

have u figured it out how i want it yet?

I don't have a repl account, and don't understand what you're saying, all I can do is refer you to their custom domain guide
https://docs.replit.com/hosting/custom-domains

do u get what i mean?

so, i want to display the page at https://hello.wumpus-dev.repl.co on all of the pages still wildcard OR the 404 page on h-and-c.co.uk

that's something you would need to configure at repl

how is it? it's on cloudflare's end

i can just display the 404 page on h-and-c.co.uk and it wouldn't be anything to do with replit then

Maybe I am misunderstanding what you are saying, you are saying you want to show a repl or a page on your apex, based on what condition?

ok, let me explain from scratch

so, i want to display the 404 page on h-and-c.co.uk on all of the wildcard pages (right now, everything except hi.hello.h-and-c.co.uk are wildcards for more context)

and then over time add specific records pointing to repls or something, like you have on hi.hello?

yes

i will use the cloudflare api from my web app to add the records for things like hi.hello

you can just change the wildcard to a cname to h-and-c.co.uk, and if the Express server accepts those hostnames/supports that, it would just work. Then over time just add specific records for repls/other things

ok

let me try that

You wouldn't really be able to get it to work with https though, you'd need an infinite amount of certificates, you could get *.studioproject.h-and-c.co.uk and that would cover all of the first level subdomains, but any other wouldn't be secure

can you have numbers in the domain name?

so i could point it to like 404.h-and-c.co.uk?

yea, you mean a cname or something? Still, visiting test.random.studioproject wouldn't have a cert

i got it to use ssl

where u can add hostnames to use mTLS, i added *.studioproject

just doing some replit template stuff, brb

Client Certificates aren't edge certificates, they're certs a connecting client can present to Cloudflare and pass through security mechanisms

yes but it's dns only

yea so it would do nothing

hang on a sec, lemme just test it

just verifying it

right, now how do i fix this?

does it work on the actual domain you added and just not a random one?
If I had to guess, that's a response from Repl saying "we don't have a certificate for this"

yes, it does

it's not repl though

becuase it points to projectnotfound.studio.errors.h-and-c.co.uk

wait, i forgot to add a certificate for that

at least i get a response now

just need to do a few more things with replit

and, back to this

@pearl helm

you're trying to get repl to work wildcard? or otherwise, cname to it from a subdomain not added to repl directly?

on projectnotfound.studio.errors.h-and-c.co.uk (the thing that points to replit), it works but on the wildcards (the things that point to projectnotfound.studio.errors.h-and-c.co.uk), it sends that

yea usually products that support custom domains require each host that you want to work to be added to them invidiually

yeah but i don't know if replit supports wildcards

keep in mind a CNAME is just saying "look for the IP over here", there's no actual binding between a random wildcard subdomain you visit and projectnotfound.studio.errors.h-and-c.co.uk

The request replit gets is just with the host header/sni of hello.hi.studioproject, the cname is just dns level information

i don't know the ip of h-and-c.co.uk so i can't use an a record

even if you did it wouldn't matter, Repl is likely looking for a host header/sni match to serve the right certificate and content, otherwise what would they know to serve if the IP is shared

i'll try wildcards with replit

https wouldn't work anyway, if your visting hello.hi.studioproject, the only cert that would work for it is either direct match (hello.hi.studioproject) or a wildcard on the same level (*.hi.studioproject)

no, replit doesn't work with wildcards

how does repl.co do it then?

they have https on wildcards

check the certificate

you're talking about like for this https://hello.wumpus-dev.repl.co/ ?

they issued a wildcard just for wumpus-dev

yeah

ok

...

how do i issue a wildcard for every subdomain like that?

for every single possible one in existence? there is a limit because of dns being capped at I believe 256 characters, but realistically you can't. They're taking advantage, just like Cloudflare does with workers.dev addresses for example, of knowing a level and only needing one level wildcard

if each customer gets a repl.co wildcard subdomain, they're just issuing one per customer. Which can be done, with a bit of infrastructure and probably agreements to bypass rate limits, stuff like that

just, how do i do it, i don't understant it

so, if i just made the username limit for my site 50 chars, it would be every single possible one for 50 characters?

if each customer gets their own subdomain, yea you could issue one per customer as they sign up

yeah but replit does that for even non-existent usernames

I really doubt it

it does

if you change the url, you get the same ssl failure
https://hello.hi-dev.repl.co/

if an account doesn't exist

ok...

When you create an account, they issue a new certificate for you

ok

can u just give me the records for that?

to do what? issue certificates for each customerr?

yes

i can just use the cloudflare api to add the records

there's no easy dns records for that. You would need your own infrastructure capable of issuing and serving the certificates. You would hit Let's Encrypt rate limits as well, repl.co is on something called the Public Suffix List, in each browser, which is essentially "treat each subdomain as a full domain, for security and some certificate providers rate limiting purposes: https://publicsuffix.org/. If you wanted to issue certs for each customer you'd need to get on that list as well.

ok, i'll get on that list tommorow, can u just give me the records?

You would need to point at your own web servers that would be capable of serving the certificates you issue, or use some paid provider for it

they probably wouldn't approve you, not sure, it's not something you can just get on without a use case and some backing I believe

i have a use case

an ide, like codesandbox and stuff like that

Repl talks about how they created their own dns infrastructure for custom domains and such a bit here: https://blog.replit.com/dns
a good read, you'd have to automate a lot of stuff, not sure if there are really and off the shelf solutions for it

can i just do it the codesandbox way instead?

just something like hfd37dgs.studioproject.h-and-c.co.uk

yea with a single wildcard cert and record, you'd have to find a provider which works with that though or host it on your own vps/infra

how do i host it on my own infrastructure?

@pearl helm

When I say your own infrastructure, I mean running your own web server like nginx/services, on a virtual private server/dedicated server, or even just a container host like fly.io. Basically just doing the web server stuff yourself rather then using an existing provider, if you can't find any providers that offer out of the box solutions for what you want

i use express

is that good enough

nginx is just a hassle to set up with existing servers

and i have to pay for nginx???

yea, you'd just have to get a certificate (like via certbot/let's encrypt) configure Express to serve the cert, and then whatever code to handle the different hostnames serving different customer stuff. Nginx is just the gold standard of web servers, and free/open source. There is an enterprise version but you don't need it