Can I use ssl for .ir domains?


#1

Hi,
I activated cloudflare for my website yesterday and everything was ok.
but today I can’t reach my website because of ssl error.
I aslo use let’s encrypt free ssl which my hosting provider is offering and really simple ssl wordpress plugin.
the cloudflare status is: Ineligible for SSL (I think because my websitie is a .ir domain)
my website is: windowsmag.ir
now my question is that if cloudflare ssl can’t be used for .ir domains, how can I disable it and use my own ssl.
I just need the cdn of cloudflare.
Thanks for any help


#2

I don’t think this has something to do with your TLD. A certificate is related to the 2nd evel Domain not to the top level. (.ir)

The browser shows
ERR_SSL_VERSION_OR_CIPHER_MISMATCH

Since CloudFlare uses recommend SSL settings regarding version and ciphers this is either something that must be sorted out on your webserver, certificate or it’s caused by an outdated operating system or browser on the client side. (Windows XP with IE 6 for example).

Even SSL Labs are not able to check your cert.
Which SSL setting do you use?

You can try “Flexible”. With this settings, CF will provide the SSL cert regardless if your server is set to use SSL. But be aware that traffic between CloudFlare and your server might be unencrypted. But you can test it that way.

You can use your own certificate with CloudFlare on a paid plan

Good article:


#3

Hi,
I asked my hosting support and they told me that free let’s encrypt ssl won’t be available when you change the dns of the website. that is why the website is down.
they told me that I should use the cloudflare ssl.
so I disabled the free ssl in my hosting panel to see what happens.
but I can’t reach my website yet.


#4

American CAs have different interpretations of and approaches to US law, but they may do things like refuse to issue certificates for certain ccTLDs.

Cloudflare’s primary CA, Comodo, states that they “cannot issue ssl certificates for registrants in” Iran.

https://support.comodo.com/index.php?/Knowledgebase/Article/View/989

The question is how Cloudflare and Comodo currently handle the situation.

One of Cloudflare’s go-to CAs – GlobalSign – is not American.


#5

Ouch. Good to know!

@hs.farnia
Interesting. Did they tell you why exactly? :thinking:
I can imagine some things but…


#6

for now I have to deactivate cloudflare due to restrictions.
thanks for your help guys.


#7

This topic was automatically closed after 14 days. New replies are no longer allowed.