#Encrypt End-To-End

Hello,

I am trying to setup ( Full Strict End-to-End )
The main domain "domain1.com" work perfectly but the "domain2.com" that is only a redirect to "domain1.com" are facing a 526 Cloudflare error when activating because it is not part of the SSL Certificate.

Is this possible to create a Origin Server Certificate and adding all redirected domain to it to prevent this error ?

Thanks,

Just curious, why would you need to Full(Strict) if the domain only serves to redirect.

It'd just be redirecting anyways to the main domain which has Full(Strict) on

You have no orgin on Domain2, so Full(Strict) on would not work anyways afaik

You can turn it on Flexible and just have Automatic HTTPs Rewrite enabled

and it'll still use Full(Strict) once it redirects

You can do the redirect entirely within Cloudflare, if I understand you correctly. Either with Page Rules, Bulk Redirects, or Dynamic Redirects.
For simple redirects, Bulk Redirects may be the easiest: https://developers.cloudflare.com/rules/url-forwarding/bulk-redirects/create-dashboard/

Is this possible to create a Origin Server Certificate and adding all redirected domain to it to prevent this error ?
Origin Certs can only contain a singular specific zone/domain in your account. If you can do the redirect logic in one of the redirect products, great! You could also use a custom Worker if it's more complex.

never ever ever flexible, never. Even for redirects, it would allow anyone to MITM the connection and serve a malicious redirect

Chances of that are unlikely for such a small website.

I doubt this dude owns a business the size of Apple

or works for such

Yeah, good security practice, but a MITM attack is so unlikely and even then if you can do a MITM Attack you can do a much harsher attack on the person ratted.

Plus they'll end up visiting Google and seeing something is wrong

I mean, it’s more just like, unless you have legacy infra that absolutely cannot work over HTTPS, there isn’t really a good reason to use Flexible.