Custom SSL Cert & Configuration Assistance Required

Require assistance with our site configuration and Cloudflare. Not technical at all. have purchased RapidSSL Wildcard Certificate for our website(s) (*.rawfoodforpets.com), but i see Cloudflare current register the SSL certificate in the browser. Need the Cloudflare configuration changed to instead offer our certificates as customers in corporate environments complain that they receive browser errors when trying to access our sites.

If you upgrade to a Business (or Enterprise) plan, you can upload your own certificate.

But I am curious as to what browser errors they are getting due to a valid DV certificate.

Thank you for the response. almost all of our customers reported the following RFFP_CommonError_SSL_CloudFlare

Should have stated, CORPORATE customers. if via home dsl or mobile / wi-fi, no issue.

That looks like it’s hitting the server directly and the server doesn’t have a valid certificate. Do they have access to curl? This command should show some Cloudflare headers and certificate information:

curl -svo /dev/null https://www.example.com/ 2>&1 | egrep -v “^{.|^}.*|^* http.$”

Oh dear young man. I have NO IDEA what you just asked me to do? is there an online tool i could ask some of our customers to use to test perhaps?

1 Like

How about this: Have a customer open Dev Tools in Chrome (F12 key does this). If they select “Network” view, they should see a connection panel.

Then have them go to http://shop.rawfoodforpetc.com

I’m looking for the redirect to hit the Cloudflare server, as noted in my screenshot:

1 Like

Thank you, i will ask them to do so tomorrow. what does it mean?

reason i ask, having done so myself, it returns the same values? which server does not have a valid certificate as you proposed in your previous message?

Look for my circles, in order:

  • The HTTP URL
  • The IP address that it reached (should belong to Cloudflare)
  • The redirect to HTTPS (triggered at Cloudflare)
  • The server (Cloudflare)

ok, so then back to my question, how do i fix this? is this something Cloudflare can help fix? perhaps a configuration item. I bought wildcart DV cert (?) for our website (*.rawfoodforpets.com) from DigiCert, hosted at A2Hosting. This was installed by them. is there someone / process to help me resolve?

I’m still not clear where the issue is. As you say, from other places, it’s fine. So why are they having problems? In your DevTools, is that first http connection going to Cloudflare?

Which values were you seeing? And is the site working for you? Since I can’t replicate the problem, it’s very difficult to troubleshoot.

Working from home. No problem accessing from home or via mobile networks. it seems that when customers are behind corporate firewalls then the issue rears it head. truly sorry i cannot provide any additional information, know 2 little about the topic. I will ask them to perform the F12 trick tomorrow and send through screen snips with the details. perhaps this will help inform next steps or possible resolution.

1 Like

I’ve been following this conversation, but with nothing to contribute…how about a total shot in the dark? If it’s on, can you disable TLS 1.3 on the SSL/TLS app, Edge Certificates tab?

1 Like

Hi these forum names are horrible. like to greet (and thank) someone by their name. i have done so, thank you. having done so, what would i expect behavior wise accessing the site?

1 Like

Hi @ockert1, my hope is the protocol error your visitors are receiving will stop, I’d noticed a customer with the same error two days ago and switching off tls 1.3 made the error go away. Are you able to reproduce it yourself? If it’s only seen by visitors via their VPNs and not you, you may need to reach out to a visitor to ask them.

Edit - I was going to add that the above solution was not documented, but then noticed it is noted as quick fix idea 5 in this #CommunityTip, Community Tip - Fixing ERR SSL PROTOCOL ERROR. Your origin certificate is valid, so my hope is on this fix…

Hi @cloonan - thank you kindly. i cannot, but will ask my customers to test again tomorrow! Holding thumbs!

1 Like

Did you just turn off TLS 1.3? An SSL test shows it’s off right now, but 1.0, 1.1, and 1.2 still work.

Oddly enough, that domain and subdomain only have IPv4 addresses. Any reason why? That’s not something people usually do.

This topic was automatically closed after 31 days. New replies are no longer allowed.