How to bypass SSL errors


#1

Dear users,

A subdomain of my original website has an SSL error: the protocol works but the common name is incorrect.

Without Cloudflare I can also visit the sub website bypassing the SSL error.
When I enable Cloudflare for that subdomain, I receive an error telling me the server (my website) and client (Cloudflare proxy) don’t agree with each other.

Is there a way to bypass this matter?

Thanks


#2

The likely issue is that the domain is a second subdomain, eg sub2.sub1.example.com. The SSL certificate only matches *.example.com, and a second subdomain would require a certificate matching *.*.example.com, something Cloudflare doesn’t provide. Let us know if this isn’t the issue.
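
Added example, not part of the original thread: a small Python checker for the wildcard rule post #2 refers to, where a `*` in a certificate name stands for exactly one leftmost label. The function names are this example's own and the certificate name lists are constructed, not read from any server.

```python
# Added example: RFC 6125-style hostname matching. Certificate name lists
# used with it are constructed for illustration, not read from any server.

def _labels(name):
    """Lower-case a DNS name, drop a trailing dot, split into labels."""
    return name.rstrip(".").lower().split(".")

def name_matches(pattern, hostname):
    """True if one certificate name (exact or wildcard) covers hostname."""
    p, h = _labels(pattern), _labels(hostname)
    if len(p) != len(h):      # "*" stands for exactly one label
        return False
    if p[0] == "*":
        # Wildcard must be the whole leftmost label, appear only once,
        # and sit above at least two labels (rejects "*.com").
        return len(p) >= 3 and "*" not in "".join(p[1:]) and p[1:] == h[1:]
    return "*" not in pattern and p == h

def covering_names(hostname):
    """Names a certificate could carry to cover hostname."""
    h = _labels(hostname)
    names = [".".join(h)]
    if len(h) >= 3:
        names.append("*." + ".".join(h[1:]))
    return names

def check(hostname, cert_names):
    """Report matching certificate names, or what would be needed."""
    matched = [n for n in cert_names if name_matches(n, hostname)]
    return {"hostname": hostname, "ok": bool(matched), "matched": matched,
            "needed": [] if matched else covering_names(hostname)}

if __name__ == "__main__":
    edge_cert = ["example.com", "*.example.com"]   # constructed SAN list
    origin_cert = ["shared-host.example.net"]      # constructed, wrong name
    for host, names in [("sub1.example.com", edge_cert),
                        ("sub2.sub1.example.com", edge_cert),
                        ("dist.sharecontacts.org", origin_cert)]:
        print(check(host, names))
```

A hostname with no matching name is reported with the exact and single-label wildcard names that a certificate would have to carry for it.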


#3

I can’t edit the SSL certificate because I’m in a shared hosting plan, and my provider gives me only this.

I’ve thought to not use the SSL on my origin and serve the files to clients in SSL mode “converted” by Cloudflare.

Is it possible?

Thanks


#4

Make sure your DNS entry for your domain name or the subdomain www is orange cloud in the dashboard. This will serve files with Cloudflare’s SSL certificate. Then make sure the SSL setting in the Crypto tab is set to “flexible”, this will contact the origin server over HTTP (non-SSL) but serve files to the visitor as HTTPS.


#5

I can’t.

I use Cloudflare only for a third-level domain, because I can’t edit the NS of the second-level domain.
So I created a subdomain on my website and assigned it to Cloudflare.
Now I can use Cloudflare only for a third-level domain, and here I have problems with the SSL certificate.
In HTTP mode (not SSL) it works fine, but in SSL mode there is the problem.

Please help!

Thanks


#6

Hi,

now I turned off the SSL setting for my domain.

I continue to get the SSL error

How can I fix this issue?

Thanks


#7

What’s the domain?


#8

The subdomain is http://dist.sharecontacts.org/
In http mode it works, in https mode I get an error, and in crypto settings I’ve turned off the ssl mode.

Help!


#9

Your domain does not have Cloudflare’s nameservers set.


#10

I’ve already written that the second-level domain isn’t assigned to Cloudflare, but I’ve assigned the third-level.
I can’t edit the authoritative NS of the second-level domain.

Here you can see how the DNS query for the third-level domain is assigned to Cloudflare.
https://www.dnswatch.info/dns/dnslookup?la=en&host=dist.sharecontacts.org&type=A&submit=Resolve

Now, I’ve turned off the SSL setting for this domain, but I continue to get the error when I visit https://dist.sharecontacts.org
The error is ERR_SSL_VERSION_OR_CIPHER_MISMATCH

How can I fix it?

Thanks


#11

Are you sure the domain is properly set up with Cloudflare in the first place? Can you post a screenshot of the overview screen showing your domain’s status?


#12

The status is DNS pending.


As you can see, I can’t assign the second-level domain to Cloudflare, but I assigned only the dist subdomain, and about DNS, it works.
The problem is on my origin, the certificate doesn’t authenticate the subdomain “dist”, and I can do anything.

I’ve turned off the SSL, but the https -> http redirect doesn’t work.

How can I fix?

Thanks


#13

Let me try to retrace what you - presumably - did.

You created a Cloudflare zone for sharecontacts[dot]org but, not being under your control, did not actually change the nameservers and hence did not fully activate it. Then you created a dist host and proxy it through Cloudflare to the actual server?

Is that correct? If it is, it would be a somewhat peculiar setup and I’d assume the certificate would not work because your domain never validated within Cloudflare.

In short, I am afraid but I guess that setup won’t be possible.


#14

Yes, you’re right.

The certificate of dist.sharecontacts.org on my actual server doesn’t work. It authenticates a wrong host.

Please help!


#15

As I said, your setup is most likely not possible. You either change the nameservers of sharecontacts or use another domain.


#16

I have another domain hosted on Cloudflare, and this is hosted correctly.
As you can see https://www.scitcdn.ga/ is correctly visitable without SSL errors.

But yet, on the origin server, the certificate is headed to another domain, and I have no problems.
This is the crypto tab on Cloudflare:

There is the status with active certificate.

Why isn’t this available for the sharecontacts domain? Because I can’t edit the second-level NS?

Thanks


#17

Yes, that domain is properly configured for Cloudflare. The other one is not, hence it won’t work.

