Cloudflare <-> Netlify insecure domain alias


I have a primary domain using cloudflare dns setup on netlify and working fine. However when I add a domain alias it is showing up as insecure.

Both DNS records are setup the same in cloudflare using flexible mode ssl/tls

type: CNAME
name: my-primary-domain & my-alias.with-subdomain
proxy: disabled

Primary domain has no issues at all while alias shows insecure warning.


Has anyone experienced this issue before with Cloudflare / Netlify?

Hi, @austinrivas. I’m only guessing (because you didn’t tell us the real site subdomain or domain name) but the issue is probably this:

Did you add the domain alias to the site settings at Netlify (Site Name > Settings > Domain management > Custom domains)? Also, did you click the “Renew certificate” button at the bottom of that same site settings page?

If so, please let us know the real domain and site name (or the site API ID) which will enable us to troubleshoot the issue.

You can post that information publicly or you can private message (PM) that to one of our support staff. I’ve confirmed that PMs are enabled for your community login. Please keep in mind that only one person can see the PM and this will likely mean a slower reply than posting the information publicly. Please feel free to reply to however you prefer though.

Thanks for the reply @luke

I was unaware the I needed to trigger renewal when adding an alias, that resolved the issue.

Is there are way to trigger a cert renewal via the Netlify API? I am looking through the docs now but I don’t see anything under sites or dns.

Will provisionSiteTLSCertificate do the job?

Hey @austinrivas,
Yup, that should do it, as long as your DNS is configured correctly! Please let us know if that doesn’t work for you.