From 112097f8aac2becba8e871e2d5f35020711e886e Mon Sep 17 00:00:00 2001
From: simon-says <simon-says@users.noreply.github.com>
Date: Wed, 23 Jul 2025 16:38:51 +0100
Subject: [PATCH 1/5] Update ssltls-subdomains.mdx

Clarify that Cloudflare SSL/TLS will only work for a subdomain if the DNS record is proxied
---
 src/content/partials/dns/ssltls-subdomains.mdx | 4 ++++
 1 file changed, 4 insertions(+)

diff --git a/src/content/partials/dns/ssltls-subdomains.mdx b/src/content/partials/dns/ssltls-subdomains.mdx
index c0f394e91d9f857..f243314c9fc270d 100644
--- a/src/content/partials/dns/ssltls-subdomains.mdx
+++ b/src/content/partials/dns/ssltls-subdomains.mdx
@@ -3,6 +3,10 @@
 
 ---
 
+:::note
+Cloudflare can only serve an SSL/TLS certificate for a DNS record when you set the record's [Proxy Status](/dns/proxy-status/) to Proxied. If you do not do this, the origin server your record points to will be responsible for supporting SSL/TLS connections.
+:::
+
 If your main domain is using Cloudflare's [Universal SSL certificate](/ssl/edge-certificates/universal-ssl/), that certificate also covers all first-level subdomains (`blog.example.com`).
 
 For deeper subdomains (`dev.blog.example.com`), use a [different type of certificate](/ssl/edge-certificates/universal-ssl/limitations/#full-setup).

From 32c329f7e1b45738c2f8ea2cec3fce80764923c6 Mon Sep 17 00:00:00 2001
From: simon-says <simon-says@users.noreply.github.com>
Date: Wed, 23 Jul 2025 16:42:29 +0100
Subject: [PATCH 2/5] Update limitations.mdx

Clarify that Cloudflare SSL/TLS will only work for a subdomain if the DNS record is proxied
---
 .../ssl/edge-certificates/universal-ssl/limitations.mdx     | 6 +++++-
 1 file changed, 5 insertions(+), 1 deletion(-)

diff --git a/src/content/docs/ssl/edge-certificates/universal-ssl/limitations.mdx b/src/content/docs/ssl/edge-certificates/universal-ssl/limitations.mdx
index 686ec9403cdd3b6..2e5b8546dfc77c0 100644
--- a/src/content/docs/ssl/edge-certificates/universal-ssl/limitations.mdx
+++ b/src/content/docs/ssl/edge-certificates/universal-ssl/limitations.mdx
@@ -14,6 +14,10 @@ import { GlossaryTooltip } from "~/components"
 
 Universal SSL certificates present some limitations.
 
+## Proxy Status
+
+Cloudflare can only serve an SSL/TLS certificate for a DNS record when you set the record's [Proxy Status](/dns/proxy-status/) to Proxied. If you do not do this, the origin server your record points to will be responsible for supporting SSL/TLS connections.
+
 ## Hostname coverage
 
 ### Full setup
@@ -60,4 +64,4 @@ Due to internal limitations, Universal SSL certificates do not cover [load balan
 
 ## Browser support
 
-For more on browser support, see [Browser compatibility](/ssl/reference/browser-compatibility/).
\ No newline at end of file
+For more on browser support, see [Browser compatibility](/ssl/reference/browser-compatibility/).

From 26b9d8b9bdb36d3a2eb1e2645c786222c22777a5 Mon Sep 17 00:00:00 2001
From: Rebecca Tamachiro <rtamachiro@cloudflare.com>
Date: Thu, 31 Jul 2025 10:15:25 +0100
Subject: [PATCH 3/5] Small Style Guide adjustments

---
 src/content/docs/dns/proxy-status/index.mdx                     | 2 +-
 .../docs/ssl/edge-certificates/universal-ssl/limitations.mdx    | 2 +-
 src/content/partials/dns/ssltls-subdomains.mdx                  | 2 +-
 3 files changed, 3 insertions(+), 3 deletions(-)

diff --git a/src/content/docs/dns/proxy-status/index.mdx b/src/content/docs/dns/proxy-status/index.mdx
index 77b005f539d385d..78a343090f7a547 100644
--- a/src/content/docs/dns/proxy-status/index.mdx
+++ b/src/content/docs/dns/proxy-status/index.mdx
@@ -10,7 +10,7 @@ sidebar:
 
 import { Render, Example, Details, GlossaryTooltip } from "~/components";
 
-While your [DNS records](/dns/manage-dns-records/) make your website or application available to visitors and other web services, the **Proxy status** of a DNS record defines how Cloudflare treats incoming DNS queries for that record.
+While your [DNS records](/dns/manage-dns-records/) make your website or application available to visitors and other web services, the proxy status of a DNS record defines how Cloudflare treats incoming DNS queries for that record.
 
 The records you can proxy through Cloudflare are [records used for IP address resolution](/dns/manage-dns-records/reference/dns-record-types/#ip-address-resolution) — meaning A, AAAA, or CNAME records.
 
diff --git a/src/content/docs/ssl/edge-certificates/universal-ssl/limitations.mdx b/src/content/docs/ssl/edge-certificates/universal-ssl/limitations.mdx
index 2e5b8546dfc77c0..fadede962b36f77 100644
--- a/src/content/docs/ssl/edge-certificates/universal-ssl/limitations.mdx
+++ b/src/content/docs/ssl/edge-certificates/universal-ssl/limitations.mdx
@@ -16,7 +16,7 @@ Universal SSL certificates present some limitations.
 
 ## Proxy Status
 
-Cloudflare can only serve an SSL/TLS certificate for a DNS record when you set the record's [Proxy Status](/dns/proxy-status/) to Proxied. If you do not do this, the origin server your record points to will be responsible for supporting SSL/TLS connections.
+Cloudflare can only serve an SSL/TLS certificate for a DNS record when you set the record's [proxy status](/dns/proxy-status/) to **Proxied**. If you do not do this, the origin server your record points to will be responsible for supporting SSL/TLS connections.
 
 ## Hostname coverage
 
diff --git a/src/content/partials/dns/ssltls-subdomains.mdx b/src/content/partials/dns/ssltls-subdomains.mdx
index f243314c9fc270d..100214a98528ddf 100644
--- a/src/content/partials/dns/ssltls-subdomains.mdx
+++ b/src/content/partials/dns/ssltls-subdomains.mdx
@@ -4,7 +4,7 @@
 ---
 
 :::note
-Cloudflare can only serve an SSL/TLS certificate for a DNS record when you set the record's [Proxy Status](/dns/proxy-status/) to Proxied. If you do not do this, the origin server your record points to will be responsible for supporting SSL/TLS connections.
+Cloudflare can only serve an SSL/TLS certificate for a DNS record when you set the record's [proxy status](/dns/proxy-status/) to **Proxied**. If you do not do this, the origin server your record points to will be responsible for supporting SSL/TLS connections.
 :::
 
 If your main domain is using Cloudflare's [Universal SSL certificate](/ssl/edge-certificates/universal-ssl/), that certificate also covers all first-level subdomains (`blog.example.com`).

From 577d756ce25ae953ea7d603bde5f59c3c4d537fa Mon Sep 17 00:00:00 2001
From: Rebecca Tamachiro <rtamachiro@cloudflare.com>
Date: Thu, 31 Jul 2025 10:17:22 +0100
Subject: [PATCH 4/5] Add title to note and move it lower in the partial

---
 src/content/partials/dns/ssltls-subdomains.mdx | 8 ++++----
 1 file changed, 4 insertions(+), 4 deletions(-)

diff --git a/src/content/partials/dns/ssltls-subdomains.mdx b/src/content/partials/dns/ssltls-subdomains.mdx
index 100214a98528ddf..7509364e5359f30 100644
--- a/src/content/partials/dns/ssltls-subdomains.mdx
+++ b/src/content/partials/dns/ssltls-subdomains.mdx
@@ -3,10 +3,10 @@
 
 ---
 
-:::note
-Cloudflare can only serve an SSL/TLS certificate for a DNS record when you set the record's [proxy status](/dns/proxy-status/) to **Proxied**. If you do not do this, the origin server your record points to will be responsible for supporting SSL/TLS connections.
-:::
-
 If your main domain is using Cloudflare's [Universal SSL certificate](/ssl/edge-certificates/universal-ssl/), that certificate also covers all first-level subdomains (`blog.example.com`).
 
 For deeper subdomains (`dev.blog.example.com`), use a [different type of certificate](/ssl/edge-certificates/universal-ssl/limitations/#full-setup).
+
+:::note[Proxy status]
+Cloudflare can only serve an SSL/TLS certificate for a DNS record when you set the record's [proxy status](/dns/proxy-status/) to **Proxied**. If you do not do this, the origin server your record points to will be responsible for supporting SSL/TLS connections.
+:::

From dfd005f3daf06b438bd9ce41ea54dce2055cbf5e Mon Sep 17 00:00:00 2001
From: Rebecca Tamachiro <rtamachiro@cloudflare.com>
Date: Thu, 31 Jul 2025 10:18:30 +0100
Subject: [PATCH 5/5] Adjust title case

---
 .../docs/ssl/edge-certificates/universal-ssl/limitations.mdx    | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/src/content/docs/ssl/edge-certificates/universal-ssl/limitations.mdx b/src/content/docs/ssl/edge-certificates/universal-ssl/limitations.mdx
index fadede962b36f77..05a0e9d69003f08 100644
--- a/src/content/docs/ssl/edge-certificates/universal-ssl/limitations.mdx
+++ b/src/content/docs/ssl/edge-certificates/universal-ssl/limitations.mdx
@@ -14,7 +14,7 @@ import { GlossaryTooltip } from "~/components"
 
 Universal SSL certificates present some limitations.
 
-## Proxy Status
+## Proxy status
 
 Cloudflare can only serve an SSL/TLS certificate for a DNS record when you set the record's [proxy status](/dns/proxy-status/) to **Proxied**. If you do not do this, the origin server your record points to will be responsible for supporting SSL/TLS connections.