All subdomains seem to have the net::ERR_CERT_DATE_INVALID error

What is the name of the domain?

https://mail.121qa.com

What is the error message?

Your connection is not private Attackers might be trying to steal your information from mail.121qa.com (for example, passwords, messages, or credit cards). Learn more about this warning net::ERR_CERT_DATE_INVALID

What is the issue you’re encountering

website not secure

What steps have you taken to resolve the issue?

enabled Cloudflare SSL full strict

Was the site working with SSL prior to adding it to Cloudflare?

Yes

What is the current SSL/TLS setting?

Full (strict)

What are the steps to reproduce the issue?

visit https://mail.121qa.com

Screenshot of the error

mail.121qa.com is not proxied…
https://cf.sjr.org.uk/tools/check?313ea55c88354610b8bcbf3378ecc7ed#dns

HTTP is redirecting to mail.121qa.com:2095, instead you should have it redirect to https://mail.121qa.com.

For https://mail.121qa.com you first need to update the SSL certificate on your server/host as that is where the invalid certificate is installed (it expired yesterday). Once that is working you can enable the Cloudflare proxy if you wish.

Hi thanks for the reply!
I enabled the proxy

Do i create that redirect rule within cloudflare?

For https://mail.121qa.com the previous certificate was on Bluehost, but since we now moved the DNS to cloudflare, how do we get rid of the previous expired certificate so the Universal Cloudflare one can take place?

You must still have a valid SSL certificate on your origin so the connection between Cloudflare and your origin is secured. Use only “Full (strict)” or “Strict” SSL modes on Cloudflare. Any other configuration is not secure.

You can get a free certificate from LetsEncrypt or you can use a Cloudflare origin certificate (note that requires the use of the proxy)…

You can redirect from http to https for the domain and all subdomains by enabling “Always use HTTPS”, or by using a Redirect Rule if you want to set for individual names.

ok got it thank you - I will try setting up the Origin certificate and see if that solves the issue since we no longer want to use the certificates from Bluehost.

I also already have the “Always use HTTPS” already enabled.

I assume once we get the Origin certificate installed, everything should go back to normal?

This topic was automatically closed 15 days after the last reply. New replies are no longer allowed.