HTTPS does not work on third-level domains

[moragames]

After being away from Altervista for a while, I was setting up this profile from scratch for a new project.
Non-Wordpress account (AlterSito, right?)

In an attempt to get rid of the classic "The connection is not secure, malicious users could [...]" error, I obviously enabled HTTPS from the resource control panel. I waited a bit, and then it worked:
going to moragames.altervista.org correctly uses the https protocol, and the connection is secure.
Double check, on the control panel even if I still see "HTTPS is being activated", if i click "Manage HTTPS" the page says "HTTPS ENABLED. The HTTPS protocol allows access to your site's content via a secure connection."

I then discovered that you offer third-level domains, and I tried using mine: pvz.moragames.altervista.org. But here, even though https is enabled (and works on the original domain), I'm redirected to use http, and consequently, the warning about the insecure connection.
Is this normal, or am I missing something? Why isn't a subdomain covered by the protocol? What is the reason for the partnership with Cloudflare?

Could I fix this by editing the .htaccess file with the following content?

Code:

RewriteEngine On
RewriteBase /
RewriteCond %{HTTP:X-Forwarded-Proto} !https
RewriteCond %{HTTPS} off
RewriteRule .* https://nome.altervista.org%{REQUEST_URI} [L,R=301]

If so, is this the only option I have if I want to use https on all subdomains?

[alemoppo]

Hello.

You did everything correctly. Unfortunately, it's not possible to enable HTTPS for fourth-level domains on AlterVista. I suggest using the subfolder method, for example: "moragames.altervista.org/pvz"

AlterVista no longer has a partnership with Cloudflare because now HTTPS is supported natively by AlterVista.

Bye!