Help w/Your plan includes a shared Cloudflare Universal SSL certificate

“Your plan includes a shared Cloudflare Universal SSL certificate.”

I can’t seem to find where or how to use this free SSL certificate. I did have a free one from my domain host (infinityfree) that expires every three months, which I have since let expire. I never got any Cloudflare DNS info when I signed up and added my site that I’m aware of.

===> How do I use the Cloudflare Universal SSL instead? Please don’t direct me to the webpages on the topic, I’ve read them several times and see nothing that tells me how to actually activate or use it.

Since I have no active SSL on my site (dwdc.net), I cannot access it via my web browsers.

Help appreciated!

That needs to be fixed at your host before you add a site to Cloudflare. But it’s never too late to correct that. Cloudflare can generate an origin certificate through this method:

2 Likes

Let Cloudflare generate a private key and a CSR - requires specifying whether the Private key type is RSA or ECDSA. <<< what does this mean? Do I have to choose and if so which one, my site is just a small personal one.

I’ve always gone with the default settings: Cloudflare generates with RSA for the listed hostnames with a 15 year expiration.

So if I do according to the above linked info, is that then allowing my site to have SSL certificates for my main domain and any subdomains?

The wildcard will include all first level subdomains (sub.example.com), but not deeper than that (deep.sub.example.com).

I was able to u/l the key to my domain’s SSL/TLS section but it won’t take the certificate, the error says: The certificate uploaded is NOT for the domain name dwdc.net (CloudFlare Origin Certificate was seen) .

Paste it into here and see what it says:
https://www.sslshopper.com/certificate-decoder.html

Here’s the result …
Common Name: CloudFlare Origin Certificate
Subject Alternative Names: *.dwdc.net, dwdc.net
Organization: CloudFlare, Inc.
Organization Unit: CloudFlare Origin CA
Valid From: April 15, 2021
Valid To: April 11, 2036
Issuer: CloudFlare, Inc.

I didn’t paste the serial # for obvious reasons.

Then their error message is incorrect. It’s clearly issued for that domain name. Unless they’re only checking the Common Name (CN). But it’s certainly valid for that domain. Is your host able to assist with this?

My host is InfinityFree so I doubt it but I’ll ask them.

My host’s reply … for which I don’t know what they mean LOL Why would I want a certificate that I have to renew every three months verses yours that is good for 15 years!?

"Cloudflare’s Origin Certificates could be used to encrypt the connection between Cloudflare and your website, which is useful if you’re using Cloudflare on your website, which you aren’t.

So your best bet is to use a Let’s Encrypt (or GoGetSSL) certificate and install that on your site. But yes, you will need to renew them by hand every three months."

@sdayman I posted my host’s reply below, what do they mean I’m not “using Cloudflare” on my website? My website is listed here in CF. Why would I use an SSL that expires every three months -vs- CF’s that lasts 15 years? Sorry, but this is confusing …

If you want a ton of screenshots, let me know, but to sum up:

  • Your domain is using EPIZY name servers.
  • Your domain resolves to an IP address that belongs to Wildcard UK Unlimited
  • Loading your site shows it’s an NGINX server, not Cloudflare.

There’s absolutely no Cloudflare involved in viewing your website.

So I did this for no reason? I have a 15 year certificate that I can’t use? What is the solution? My site is very small, insignificant to most, so I don’t want to spend a heap of money on hosting, though I am looking for a proper host that won’t cost a lot of money. Do you have any recommendations?

The reason is because you’re posting in a Cloudflare forum about how to get SSL on your site. But if you’re not actually using Cloudflare, you’ll have to find a suitable solution outside of Cloudflare.

Or…change your name servers from EPIZY over to the two that Cloudflare lists for you on your DNS settings page at dash.cloudflare.com

1 Like

I appreciate your replies, they’ve been very helpful. But herein lays the problem … when I signed up for CF (free) and got a welcome email, I didn’t get any DNS for which to change to, or if I did I can’t find them. How do I get access to the CF DNS so I can change them at my domain registrar?

From the link you just provided, going to the DNS tab, here’s what I see …

Partner hosted zone

Your DNS zone file is hosted by Byethost , a Cloudflare partner. Manage your DNS records at their website.

I don’t see where to get CF DNS for my site.

Does Byethost sounds familiar to you? You’d have to disable their Cloudflare connection.

If you can’t do that, you’ll have to open a support ticket here to see if they can break that connection.

To contact Cloudflare Customer Support, login & go to https://dash.cloudflare.com/?account=support and select get more help. If you receive an automatic response that does not help you, please reply and indicate you need more help.

1 Like

No, I don’t even know who that is (Byethost), my registrar is DirectNIC, and my web host is InfinityFree.