Issues with SSL?

#1

I ran the following on my terminal “curl -svo /dev/null --resolve ae-stage.dev:443:216.87.74.136 https://ae-stage.dev

Below is parts of the response. Can anyone help me interpret and how can I fix? I’m using Flexible and Universal SSL. The server has a valid SSL for *.mydoman.com … is there a way for me to bridge my valid SSL with Cloudflare? Thanks

— … Report … —

  • subjectAltName does not match ae-stage.dev
  • SSL: no alternative certificate subject name matches target host name ‘ae-stage.dev’
  • stopped the pause stream!
1 Like

#2

Your origin appears to have a valid cert for a different domain, so you could use Full (not full strict). However it appears you may also not have a virtual server for https or lack content as the curl command results in a 404:

curl -sIkvo /dev/null --resolve ae-stage.dev:443:216.87.74.136 https://ae-stage.dev

  • Server certificate:
  • subject: C=US; postalCode=80202; ST=CO; L=Denver; street=110 16th Street, Suite 506; O=Agile Education Marketing; OU=Tech; OU=Secure Link SSL Wildcard; CN=*.agile-ed.com
  • start date: Jul 6 00:00:00 2018 GMT
  • expire date: Jul 16 23:59:59 2020 GMT
  • issuer: C=US; ST=VA; L=Herndon; O=Network Solutions L.L.C.; CN=Network Solutions OV Server CA 2
1 Like

#3

It sounds like there is a TLS/SSL certificate on the server, but it’s not for your domain. You can try Full (not strict) SSL mode here and see if that works.

0 Likes

#4

Many thanks @cscharff, @sdayman. Would buying either the “Dedicated SSL Certificate” or " Dedicated SSL Certificate with Custom Hostnames" allow Full(strict)? Does this process include placing a Cert on the server? Thanks again.

0 Likes

#5

Neither of those change the status of your server. Your server needs a certificate that has your domain name on it. You can get a free Cloudflare Origin certificate you can copy and paste into your host panel’s SSL section if they support it.

1 Like

#6

@sdayman. Definitely saved me from going down a stray path. So this is what I need from that link : Step #2f

Step 2 - Install an Origin CA certificate at your origin web server

Adding an Origin CA certificate to an origin web server requires several general steps:

  1. Upload the Origin CA certificate (created above in Step 1) to your origin web server.

  2. Use the linked installation guides below to update your web server configuration to point to the certificate.

Thanks - this is all very alien to me.

1 Like