I disabled universal domain certificates, but one of the domains still appears with a certificate and has an error (caa_error)

I disabled universal domain certificates, but one of the subdomains still appears with a certificate and has an error (caa_error). Domain pentesgaspar.com.br, subdomain catalogo.pentesgaspar.com.br.

The domain is hosted on A2hosting and the configuration is done by cname, although the subdomain catalogo.pentesgaspar.com.br is not currently using cloudflare

catalogo.pentesgaspar.com.br is not proxied, hence you are connecting straight to your host. This is also why disabling the Universal certificate does not have any effect, as that certificate is not related to Cloudflare.

https://www.pentesgaspar.com.br on the other hand will fail, as you dont have a certificate on Cloudflare now.

https://www.pentesgaspar.com.br is a redirect to https://pentesgaspar.com.br and is working

I’m connecting directly to my host with catalogo.pentesgaspar.com.br because when I activate the proxy for cloudflare the error caa_error continues and the browsers have the error SSL_ERROR_NO_CYPHER_OVERLAP (firefox) or ERR_SSL_VERSION_OR_CIPHER_MISMATCH (chrome) and the page does not open

It is not, I am afraid. It shows exactly the behaviour when there is no certificate


Ehm, yes of course. That is what what you want. You disabled the certificate.

It is now activated. If I activate cloudflare in catalogo.pentesgaspar.com.br the error will appear in the browser.

Awaiting dns propagation. As soon as it propagates, the error will occur.

And you re-enabled Universal SSL on Cloudflare again?

But that is actually the opposite of what you initially asked for.

Sorry, I have been having this problem for some time. Trying to solve it. And he had disabled universal certificates in an attempt to stop the universal certificate of the subdomain catalogo.pentesgaspar.com.br from presenting a problem.

Apparently any subdomain that is active on cloudflare in that domain has an error

So you actually want to use SSL via the proxies?

Post a fullscreen screenshot of https://dash.cloudflare.com/?to=/:account/:zone/ssl-tls/edge-certificates

So SSL is enabled again, however the certificates couldnt be issued yet. It seems to be a validation issue and as you are on a partner setup you best contact your host at this point. They should know what is necessary from their side in this case.

They asked to contact Cloudflare support

To ask what? The domain is managed by them, not Cloudflare. They probably need to set up certain DNS records for the certificate to validate, but that is something they have to know as partner of Cloudflare.

Hello. The settings in CloudFlare are ok. The settings at the provider (A2Hosting) are ok. The caa_error errors in the universal certificates do not disappear and the website catalogo.pentesgaspar.com.br presents the error ERR_SSL_VERSION_OR_CIPHER_MISMATCH

When I disable CloudFlare everything works.

It seems to me to be a problem with universal certificates.

I’ve checked everything according to each tutorial and Cloudflare step by step and everything is ok.

I do not know what else to do

That is what I have been saying three days ago and which is also evident from your screenshot. Again, you need to clarify this with your host, so that they set whatever domain verification settings are necessary for Cloudflare to issue the certificates.

You can also contact Cloudflare’s support, but I rather doubt they would override that and manually issue them. Your host is a partner and should know exactly what to do.

How can I contact clouddflare support?

This topic was automatically closed after 30 days. New replies are no longer allowed.