Generate single-level subdomain names for Sentry API endpoints? / Cloudflare SSL


This may well be a Cloudflare issue that I need to poke them about, but I thought I’d ask here just in case anyone else has experience with this.

I’ve got on-premise Sentry up and running on AWS (all of my company’s computing infrastructure lives on AWS with all internet-facing traffic going through Cloudflare) and I’m at the final step of getting ingest working properly.

The trouble is SSL. All the backend stuff (workers, ingest, web UI that pokes ingest points, etc.) gets grumpy because SSL isn’t working on the sub-subdomains Sentry uses for all the API calls. Wildcard SSL certs only support a single subdomain, e.g. * can be covered by one cert, but *.* cannot. Ingest gets done via, but sentry defines a further subdomain for each project’s ingest, e.g.

I guess this means we’ll need two wildcard certs – one for * and another for *

Alternately, is there a way to configure sentry so that it generates endpoints like and instead?

We’ve got Enterprise-level service at Cloudflare on the domain where I’d like to host Sentry, so this might just require paying for/enabling some extra option there to get the extra SSL certs.

I’d appreciate any help anyone can offer, and I’m perfectly happy if the answer is just “go bug Cloudflare about this.” Just hoping there’s another option.


I think you are looking for this config: sentry/ at 8bad06abc7763432cbf0aba6420bf0f65f0fe7a3 · getsentry/sentry · GitHub

That said the option that enables this config (and thus the subdomains) should not be enabled by default so just turning that feature off (organizations:org-subdomains) should solve your issue once and for all?

1 Like

I could kiss you! :smile:

This will take care of it nicely. Thank you so much!

As much as I am flattered, I’m happily married :stuck_out_tongue:

Glad it was useful. I’m still curious how that option got turned on for your instance tho. Did you folks enable that by yourselves or somehow it gets automatically enabled somewhere?

1 Like

I probably activated it by mistake early on without actually realizing what it was about to do to my sanity. It didn’t get automatically enabled to my knowledge.

1 Like

This topic was automatically closed 15 days after the last reply. New replies are no longer allowed.