#Not Verifying Certificate Status

Change the "Name" field of the "_acme-challenge" in the middle.

Before: _acme-challenge.www.timergara.com
After: _acme-challenge.www

The way you currently have it, the record is being published on the name "_acme-challenge.www.timergara.com.timergara.com.".

i will do it.. one more question i can CNAME route level domain like timergara.com instead of www.timergara.com right?

The CNAME type DNS record cannot be used on the naked domain (e.g. timergara.com), but only on sub-domains, such as e.g. www.timergara.com, or example.timergara.com.

Adding a CNAME for www (your first CNAME at the screenshot) will solely cover the www.timergara.com, but not other labels like e.g. the naked domain timergara.com or sub-sub domains, such as e.g. example.www.timergara.com.

Playing around with wildcards, e.g. named "*" can be used in the DNS system, - however, they often cause more complications than they do any good.

but if i want to handle example.com for my client will that work technically? or this will work for subdomains only

As you're CNAME'ing to tecbricks.com, whether a such wildcard would work or not, would also depend on tecbricks.com's set up.

As it seems like tecbricks.com is on Cloudflare, and that the configuration being used is Cloudflare for SaaS, the wildcard option would require tecbricks.com to be on an Enterprise plan with Cloudflare.

Apex proxying (covering the naked domain) is according to the documentation also requiring Enterprise, - however, I mean to have heard that people have had success on on-boarding them anyway.

But that's then up to you, whether or not you would rely on eventually unsupported functionality, that could in theory break at any time, and without any prior warning.

these explainations are a little confusing me sorry for that..
i wand to timergara.com to be routed to tecbricks.com and in tecbricks worker i will handle SAAS... is it possible in free plan?

request is not going to worker, @patent flare can you please help... ssl issue resolved

Another user had a request of using the SaaS option with the naked domains back in January, which caused quite much trouble. It's over here: https://discord.com/channels/595317990191398933/1199717616072274051

It may not be technically impossible to make it work, - however, it's not supported (i.e. meaning that it is NOT guaranteed to be working flawlessly).

ok let focus on subdomain right now, i need to route traffic to worker

How is your SaaS thing set up?

I'm thinking like you have the proxy-fallback name in your DNS records, but you're just CNAME'ing to the naked domain?

And what about the actual Worker, what routes are set there?

proxy-fallback is routing to tecbricks.com is that not ok? i just want to see tecbricks.com page in www.timergara.com

i just followed the documentation...

and this video: https://www.youtube.com/watch?v=hy1feUVVejQ&list=WL

should i add for worker? proxy-fallback

Does adding www.timergara.com via the "[Add Custom Domain]" button change anything?

what if i add fallback one here and remove from dns

Add proxy-fallback.tecbricks.com.

^ And change your CNAME on the image you posted here, that is pointing "www" to "tecbricks.com".

Make that "www" point to "site.tecbricks.com" or "proxy-fallback.tecbricks.com" instead.

it wasnt returning that an hour ago, so it was probably still propagating

It didn't exist one hour ago:

$ dig TXT _acme-challenge.www.timergara.com @dns1.registrar-servers.com

; <<>> DiG 9.16.48-Debian <<>> TXT _acme-challenge.www.timergara.com @dns1.registrar-servers.com
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NXDOMAIN, id: 36719
;; flags: qr aa rd; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 1
;; WARNING: recursion requested but not available

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;_acme-challenge.www.timergara.com. IN  TXT

;; AUTHORITY SECTION:
timergara.com.          3601    IN      SOA     dns1.registrar-servers.com. hostmaster.registrar-servers.com. 1725809645 43200 3600 604800 3601

;; Query time: 36 msec
;; SERVER: 2610:a1:1024::200#53(2610:a1:1024::200)
;; WHEN: Sun Sep 08 17:50:31 CEST 2024
;; MSG SIZE  rcvd: 132

However, the incorrect domain-appended one did:

$ dig TXT _acme-challenge.www.timergara.com.timergara.com @dns1.registrar-servers.com

; <<>> DiG 9.16.48-Debian <<>> TXT _acme-challenge.www.timergara.com.timergara.com @dns1.registrar-servers.com
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 57012
;; flags: qr aa rd; QUERY: 1, ANSWER: 1, AUTHORITY: 2, ADDITIONAL: 1
;; WARNING: recursion requested but not available

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;_acme-challenge.www.timergara.com.timergara.com. IN TXT

;; ANSWER SECTION:
_acme-challenge.www.timergara.com.timergara.com. 1799 IN TXT "hcqQCMOBhhuby_s61lCkE9XZMK6LRSYTUZjuBgvFsVk"

;; AUTHORITY SECTION:
timergara.com.          1800    IN      NS      dns1.registrar-servers.com.
timergara.com.          1800    IN      NS      dns2.registrar-servers.com.

;; Query time: 36 msec
;; SERVER: 2610:a1:1024::200#53(2610:a1:1024::200)
;; WHEN: Sun Sep 08 17:50:44 CEST 2024
;; MSG SIZE  rcvd: 188

Oh nested domain name, always fun

I checked for non-www but didn’t try the nested one and then my internet died for an hour

They can indeed cause some funny troubleshooting from time to time. 😉

applied these steps: first CNAMED to site.tecbricks.com and now proxy-fallback.tecbricks.com but still not routed...maybe it take time not sure.

also added fallback subdomain to worker

Can you find your Worker, and then go to Settings > Triggers > Routes, and see what you have there?

What does the three dots give? Or alternatively, when you click the proxy-fallback name?

And you only got the "Domains" part there, not "Routes"?

Your worker needs to listen to */*

can you pls a little explain how that can be done?