Point CName record at cloudflare | Cloudflare Developers | Page 1

latent garnet Jan 2, 2026, 12:31 PM

#

hello

im trying to point a subdomain cname record to cloudflare for a client, but im getting this error: ERR_SSL_VERSION_OR_CIPHER_MISMATCH. Moving DNS to cloudflare is not an option. The host does support WWW forwarding, but i would like for it to keep the domain in the url if possible

how can i solve this?

short coyote Jan 2, 2026, 1:15 PM

#

The CNAME target (on Cloudflare) needs to set up a custom hostname for the domain that's pointing to it

#

https://developers.cloudflare.com/cloudflare-for-platforms/cloudflare-for-saas/

Cloudflare Docs

Cloudflare for SaaS

Cloudflare for SaaS allows you to extend the security and performance benefits of Cloudflare's network to your customers via their own custom or vanity domains.

latent garnet Jan 2, 2026, 3:20 PM

#

Per the guide i am first trying to set up a proxied dns cname record. i have codeservice.gustavsen.app pointing to codes.gustavsen.app which is connected to a worker, but that errors on 522 even though the worker works fine

short coyote Jan 2, 2026, 4:40 PM

#

codeservice.gustavsen.app doesn't resolve for me. What have you set in the Cloudflare DNS?

#

(You also need to set the CNAMEs for your Proton mail DKIM records to "DNS only")

#

https://cf.sjr.dev/tools/check?f889c76fe7724eaebf2614242632e881#dns-mail

latent garnet Jan 3, 2026, 1:06 PM

#

yes sorry. I had removed it while trying following a guide on youtube. It's back now. Also thanks for the heads upregarding cloudflare proxy on DKIM

latent garnet Jan 3, 2026, 2:04 PM

#

codeservice.gustavsen.app now points to codes.gustavsen.app

#

i had look on your site and it remarks about it not pointing to an ip, but im not sure what to do with that

latent garnet Jan 3, 2026, 4:07 PM

#

My actual issue might be solved in a simpler way. I need https://codes.tiff.no/ to be pointed at codes.gustavsen.app. Certificate says active in the dashboard, and hostname is good. It is pointed directly at origin server codes.gustavsen.app

codes.tiff.no:
Minimum TLS version: TLS 1.0 (default) Certificate validation method: TXT Validation (recommended) SSL certificate authority: Google Trust Services Certificate type: Provided by Cloudflare Origin server: codes.gustavsen.app Origin SNI value: codes.gustavsen.app

#

if you have a bit more time to help me @short coyote i would be very grateful. There is something here im just not getting. sorry for the ping im just getting my ass kicked here

short coyote Jan 4, 2026, 10:15 AM

#

codes.tiff.no is giving a 522 which usually means the Worker isn't triggering and the request is falling through the 100:: DNS record. Make sure the Worker route includes the custom domain...

#

https://developers.cloudflare.com/cloudflare-for-platforms/cloudflare-for-saas/start/advanced-settings/worker-as-origin/

latent garnet Jan 4, 2026, 12:26 PM

#

It should be fine

#

#

#

#

fallback.gustavsen.app routes to the worker fine, but it doesn't from codes.tiff.no

#

if I do a catch-all it works fine, but i need the domain for more stuff

latent garnet Jan 4, 2026, 1:27 PM

#

so after a bunch more searching and some help I figured out that I need to add the external domain in routes, not the fallback. It may be me, but i don't think this reads very clear from the docs, so it would be a welcome improvement

#

@potent sun how can i provide that feedback?

dusky copper Jan 19, 2026, 7:53 PM

#

latent garnet if I do a catch-all it works fine, but i need the domain for more stuff

did you end up figuring out how to mitigate this issue? I have the same setup, but I only want to route one subdomain

#

from your last message, it sounds like your solution might have been to make specific workers routes for the domain you're hosting the worker on?

#Point CName record at cloudflare