SSL issues after setting up wildcard custom domain

tl;dr: I use Cloudflare for DNS, and after setting up a wildcard custom domain in Render I’ve had constant SSL issues. After removing the wildcard custom domain the site no longer works:

$ curl -i https://api.domain.com/health
curl: (35) error:14004458:SSL routines:CONNECT_CR_SRVR_HELLO:tlsv1 unrecognized name

non-tl;dr

We use Cloudflare for DNS/proxy for all of our applications. At domain we were running a Shopify shop, at foo.domain we had a React app, and api.domain was the API (hosted on Heroku) for that React app. I needed to introduce another application that caught all other subdomains and redirected them based on some business rules. Cloudflare only offers this service on their enterprise plan, and after seeing Render offered this with SSL I wanted to try it out.

I set up the new app on Render, set up the custom wildcard domain (*.domain) and added the suggested entries to Cloudflare. From that point on the Shopify shop stopped working, as well as our API and React app at foo.domain and a few other apps running on subdomains, all complaining about SSL errors. The redirect app was working as expected though.

Given Render was the last change, I removed the custom domain and was greeted with a nastier SSL error:

$ curl -i https://api.domain.com/health
curl: (35) error:14004458:SSL routines:CONNECT_CR_SRVR_HELLO:tlsv1 unrecognized name

I have now deleted the web service in Render and the problem still persists. It feels like Render is taking precedence over our entries in Cloudflare. I don’t understand how that’s possible but I’m hoping there is something obvious that I’m not aware of.

I’d rather not expose the domains that I’m working on as they’re pre-launch products. My email here is the same as my account on Render.

Thanks in advance for any help.

Hi @timcooper, welcome to the Render community! Do you mind sharing your DNS settings with me and the names of the domains via DM? Without knowing that information I won’t be able to find those entries in our database.

Hi mate - I DM’d you a few days ago but haven’t heard back. Just wondering if you could take a look please.