Deprecated - Subdomain too deep

This tutorial is deprecated in favour of Fix VERSION_OR_CIPHER_MISMATCH · Cloudflare SSL/TLS docs


This tutorial covers a possible reason for the SSL_ERROR_NO_CYPHER_OVERLAP and ERR_SSL_VERSION_OR_CIPHER_MISMATCH errors (Firefox and Chrome respectively) when seen on a subdomain.

The Cloudflare universal certificates cover and * This means that it covers any subdomain one level below the domain you signed up with.

It will cover and, as these are one level below the root domain,

The certificate will not cover or, however, as these subdomains are too deep.

You either need the $10/month Advanced Certificate Manager from Cloudflare, on which you can specify the subdomain you need to cover, or to set the record to :grey: and bypass Cloudflare altogether.
If you have or can get a Business or Enterprise plan, you could also upload a custom SSL certificate with the required hostnames.

Other common issues with SSL/TLS on subdomains:
Deprecated - SSL/TLS not working on subdomain
Advanced Certificate Manager documentation:
Advanced certificates · Cloudflare SSL/TLS docs

Tutorial Reference: CT-11

Reviewed: 07/21

This is a Community Tutorial, most are wiki posts, so can be contributed to by Regulars and MVPs here. If there is a tutorial you would like to see, you can request one here.

If you would like to provide any feedback on this tutorial, please post in the #Meta category, tag your post #TutorialFeedback and let us know the Tutorial Reference above.

Other great resources on this community include the Community Tips . These address best practices when configuring Cloudflare, how to fix issues you may see, and tools to troubleshoot. Also you can view Expert Tips, great posts on the community from people in the know that may help you with your issue.

We encourage users to check out these great resources and the Cloudflare Support Centre before posting