Consistently receiving Code 1006 enabling Universal SSL after TLS/SSL enablement

Hey everyone,

About five years ago I disabled Universal SSL for my domain, (not my real domain, obviously).

Yesterday I re-enabled it so that I could use HTTPS proxying with Cloudflare. To do this I set SSL/TLS from ‘Off’ to ‘Full (strict)’ with the intention of using an Origin Pull configuration, and went to enable Universal SSL.

When I attempted to enable Universal SSL I received the error code “Code 1006” - “SSL/TLS is disabled for this domain”. I cycled the SSL/TLS enablement setting back to off, Full, and Strict again, and gave Cloudflare about 10 minutes between cycling the setting and attempting to re-enable Universal SSL.

The same error resulted, and I’ve tried again today to enable Universal SSL and I’m still getting the same Code 1006 error.

The only relevant Community post I could find for a domain actually using Cloudflare directed the OP to contact support, which I have tried and my ticket was automatically closed with a note to try the Community forums first. [Edit to add, ticket # 2360955.] Any help or tips would be appreciated, and although I assume this isn’t something that the Community can offer a fix for, I’m happy to be wrong about that.


1 Like

I worked some more on this - I did find a few other forum posts about this error code in the context of TLS enablement, all of which quickly end in contacting support and don’t have any other substantive troubleshooting steps.

I was able to locate an error “Code 1006” in the Cloudflare API docs, but the instance of that error refers to quota limits being exceeded for the Load Balancing service, and doesn’t seem to apply to HTTPS being enabled or disabled.

Still receiving the error message: “SSL has been disabled for this zone (Code: 1006)”.

So I decided to try to resolve this through the API. I executed a GET request to the API:

$ curl -X GET "[MY_ZONE]/ssl/universal/settings" \
     -H "Authorization: Bearer [MY_TOKEN]" \
     -H "Content-Type: application/json"

And got:


Well, that makes sense given the error the console gives me, so I tried enabling Universal SSL:

$ curl -X PATCH "[MY_ZONE]/ssl/universal/settings" \                                                                                               127 ↵
     -H "Authorization: Bearer [MY_TOKEN]" \
     -H "Content-Type: application/json" \
     --data '{"enabled":true}'

And it failed:

 {"success":false,"errors":[{"code":1006,"message":"SSL has been disabled for this zone"}],"messages":[],"result":null}

If anyone could tell me whether or not I’m just missing something obvious, that would be great. Through the console I have the SSL/TLS settings to Full (strict), but any time I hit the Enable Universal SSL button, or try to enable the feature through the API, it fails.

Edit to add – I’ve gone through this same process with a few other zones managed by the same Cloudflare account over the past week and haven’t had any issue with enabling Universal SSL; I’m wondering if there is a particular issue with my domain that isn’t being enumerated more clearly by the console or API.


1 Like

Sorry for the pain on this @user36114 I have added myself to your ticket, reopened it, and put into the queue for my colleagues to review. You could try incognito mode while we wait for a reply, but I do not think that will have an effect, +1 to this comment as I think that is accurate…

1 Like

Thank you for the quick reply and action @cloonan! And no problem! I understand the “why and how” regarding community based support for non-billed zones. It’s clear a lot of work and thought went into the support flows. I have some feedback from my experience (and a bug report) with this process. If there’s a more appropriate place than here to route that, let me know and I’d be glad to!

Thanks again!

1 Like

Thank you, we are always looking to improve that flow and feedback is welcome at support AT Cloudflare DOT com, if you share that ticket number here I’lll make sure the team sees the input.

This topic was automatically closed 15 days after the last reply. New replies are no longer allowed.