type: rule
status: active
timestamp: 2026-06-22
tags: [rule, subdomain, ssl, dns, one-level, cloudflare, free-tier]

One-level subdomains only — never two levels deep below oriz.in

One-level subdomains only below oriz.in

One-level subdomains only

Rule

Family subdomains MUST be at most ONE level deep below oriz.in.

AllowedForbidden
blog.oriz.inposts.blog.oriz.in (2 levels)
paisa.oriz.inindia.paisa.oriz.in (2 levels)
fii-dii-api.oriz.infii-dii.api.oriz.in (2 levels)
pdf.oriz.inmerge.pdf.oriz.in (2 levels)

Why

Cloudflare Universal SSL free tier covers *.oriz.in only — one-level wildcard. Two-level wildcards (*.api.oriz.in) require paid Advanced Certificate Manager (~$10/mo). That violates rules/no-card-on-file.

Free workarounds for already-deployed 2-level subdomains:

Current violation

19 API subdomains live at <name>.api.oriz.in (two levels): fii-dii, mmi, mf-nav, pincode, ifsc, holidays, currency, tickers, rbi-rates, gold-silver, irctc, aqi-india, aqi, fuel, exams, rti, judgments, budget, so-trending

Resolution: DNS-only (grey cloud) + GH Pages SSL handles the cert. No URL change required.

New APIs follow the rule

When adding a new API:

Pattern for inevitable nesting needs

If a future feature really needs nesting (e.g. per-region):

Prefix instead of subdomain-nesting.

Cross-refs


Edit on GitHub · Back to index