Cloudflare SSL not working on subdomains

In my principal domain,, the SSL works just fine thanks to Cloudflare but in the subdomain it says ERR_SSL_VERSION_OR_CIPHER_MISMATCH and I don’t know what to do. I’m writing https:// before the URL and as I say in the principal domain works just fine but I get the error in the subdomain.

What can I do for fixing this?

Our standard SSL does not support more than one subdomain. In your current setup you have www and art as subdomains. If you take the WWW out it should work fine.

I don’t understand what you mean, I only have one subdomain: one is for the site and the other is for WordPress. Can you explain me please?

The page you are referring to is loading via In that example both “www” and “art” are subdomains for You need to check the A records in your account and make sure that the “art” record is just “art” and not a combination of “www” and “art”. That will result in your page loading instead at and the SSL should work (now that the 2nd subdomain is gone).

I have tried what you suggested and I lost the access to my subdomain: DNS_PROBE_FINISHED_NXDOMAIN

What can I do? Can you guide me please?

Looks like you set your settings back and the page is loading again from the “” subdomains again. After some further checking there appears to be a redirect happening at your origin that is adding the WWW back even after you changed your A record. Which is causing the problem. Since you are using WordPress that could be a settings change in the ADMIN area. Otherwise, there is a redirect occurring at the server (before we are involved).

Long story short, if you want your site accessible via SSL at art. you will need to disable the redirect at your origin adding www. Once that is disabled you would want to have the A record of art. without www included.


If you want to have the two level subdomain with www and art you would need to add-on the Dedicated SSL with Custom Hostnames feature ($10/month) to get the SSL working with the two level subdomain.

If this still isn’t making sense, please submit a support ticket and share the ticket number with me. We might need to get into more detail than is ok in a public forum.

1 Like

I removed the www of the art on DNS and still can’t access to my subdomain

Sorry for any confusion. Even if you remove Cloudflare from everything and go straight to the server where your site is hosted, there is a redirect setup that is adding WWW. You will probably want to get that turned off (could be a WordPress setting).

That is why even when you fixed your DNS with us, the page wasn’t working properly.

I added that on the .htaccess file but I removed it, still not working.

Please let me know the ticket number you get back from emailing support so I can put this in front of the right people.

supportATCloudflareDOTcom from your account email address.

My ticket is #1392741.


1 Like

It looks like the situation is resolved. Do you need further assistance?

No, thanks, all is working now.

Thanks for all your help!

1 Like

That’s great news. Thanks for your patience!

hi ryan need some help… we are also using subdomain and SSL not working… we redirect http to https then www to non www… is that the issue? can i just use http to https and only non www, so that cloud be fixed?

What is the domain and subdomain? Typically, the Cloudflare certificate is valid for and *

That will handle as well as,, etc.

If you’re using HTTPS, then you don’t need to set specific redirects. The “Always Use HTTPS” option on the Crypto page will do this for you. Though if your subdomain’s SSL is broken, that will probably cause a problem.

sdayman dont provide wrong info… just stay away if you dont know anything

1 Like

No need to be rude.

Here’s an example as to how Cloudflare SSL works:

I have a domain, Cloudflare issues an SSL certificate for They add * to that certificate.

Now I have SSL for and

I also have a mobile redirect to It’s covered by the same certificate (I just checked).

What Ryan means is it doesn’t support a sub-subdomain, as mentioned by Ryan two posts below the one you quoted. In my example, if I tried, it isn’t covered by the * wildcard. It would need *.*, which is why he recommended a Dedicated SSL certificate with custom hostnames later in the discussion.

you have no idea what i am saying…anyways forget it, lets see what he reply

My reply is a request that you show more respect to the other members of this community. Even if you think his answer was wrong or off topic (not true in either case), there’s no need to be rude to those who are trying to help.

If you can respond with some of the clarification @sdayman requested we should be able to help more.