https://main.domain is secure (valid cert), but https://www.main.domain is not?

I have a free Cloudflare account with 3 domains set up. The web files are hosted at NameCheap, but I have the DNS records on Cloudflare. They all seem to be mostly working, but one of the domains works (i.e. the SSL cert is valid) for the main domain, whereas the www subdomain gives an invalid certificate (Error 526) for www.mydomain.com.

Do I just need to adjust something in the DNS records on Cloudflare for that?

It sounds like your host doesn’t have the cert set up for the www subdomain. Double check what certs you have installed there.

That was correct. The certificate was issued for the FQDN and not the www subdomain. My options I guess are to re-issue it through NameCheap or change the setting on Cloudflare for SSL/TLS from Strict to Flexible. I think I’ll try the latter first.

The certificate does not include the www version of the domain due to the automatic HTTP-based validation completed only for sias.dev on the Sectigo side. We are sorry for this inconvenience.

If you wish to include both sias.dev and www.sias.dev, you may reissue it manually and use the DNS-based (Add CNAME) or Email-based validation instead.
For the detailed reissue guide, please follow this link: https://www.namecheap.com/support/knowledgebase/article.aspx/811/70/how-do-i-reissue-my-ssl-certificate

Alternatively, since you are using Cloudflare SSL, you may switch the SSL mode on the Cloudflare side to Flexible. This way the error will be avoided.

That’s terrible advice and I’m disappointed that they’d recommend an insecure setup.

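An added example, not part of the original thread and not Cloudflare's or Namecheap's code: a Python check of whether the names on an origin certificate cover every hostname being proxied, which is the condition behind the Error 526 in Strict mode discussed above. The `example.com` names and SAN lists are constructed placeholders, and `origin_san_names` assumes you know the origin server's own address.

```python
import socket
import ssl


def name_matches(pattern: str, hostname: str) -> bool:
    """Match one SAN dNSName against a hostname (RFC 6125 style).

    A wildcard is honoured only as the whole left-most label and
    stands for exactly one label, so *.example.com covers
    www.example.com but neither example.com nor a.b.example.com.
    """
    p = pattern.lower().rstrip(".").split(".")
    h = hostname.lower().rstrip(".").split(".")
    if len(p) != len(h):
        return False
    if p[0] == "*":
        return len(p) > 2 and p[1:] == h[1:]
    return p == h


def uncovered(required, san_dns_names):
    """Return the required hostnames that no SAN entry covers."""
    return [r for r in required
            if not any(name_matches(s, r) for s in san_dns_names)]


def origin_san_names(origin_addr: str, sni: str, port: int = 443):
    """Fetch the dNSName SANs from the certificate the origin serves.

    The chain is still verified; only the hostname check is turned off
    so a certificate that lacks `sni` can be inspected, not just rejected.
    Connect to the origin address itself, not the Cloudflare-proxied name.
    """
    ctx = ssl.create_default_context()
    ctx.check_hostname = False
    with socket.create_connection((origin_addr, port), timeout=10) as raw:
        with ctx.wrap_socket(raw, server_hostname=sni) as tls:
            cert = tls.getpeercert()
    return [v for kind, v in cert.get("subjectAltName", ()) if kind == "DNS"]


# Constructed SAN lists (placeholders under example.com, not real certificates).
APEX_ONLY = ["example.com"]                      # the situation in this thread
REISSUED = ["example.com", "www.example.com"]    # after a reissue with both names
WILDCARD_ONLY = ["*.example.com"]                # covers www, but not the apex

if __name__ == "__main__":
    wanted = ["example.com", "www.example.com"]
    for label, sans in [("apex only", APEX_ONLY), ("reissued", REISSUED),
                        ("wildcard only", WILDCARD_ONLY)]:
        print(f"{label:14} missing: {uncovered(wanted, sans) or 'none'}")
```

Run against the origin before and after a reissue, an empty result from `uncovered` means Strict mode can stay on for both hostnames.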