Maddening SSL Catch-22?

Hi All,
Emergency issue here (aren’t they all?)… can’t get the https version of my site to load through Cloudflare.

I think I’m in a Catch-22 situation. In order to get a Universal Cert issued, support has told me I must have my traffic to my domain (zwiftinsider.com) proxied through Cloudflare. I get that.

Problem is, if I do that, https traffic is broken until that certificate gets issued.

My Universal Certificate says “Pending Validation”. I’ve tried setting my SSL mode to Off (not secure), tried setting it in Development mode… but still https requests are resulting in an error.

Is there some way https requests can hit my server (where I’ll redirect them to http) while still having traffic proxied through Cloudflare? Any ideas?

This seems like it would be a common situation–it seems any site that ran entirely through https moving onto Cloudflare would encounter this problem.

Changes I’ve made just now, based on what I’m reading in the forums…

I’ve changed my zwiftinsider.com and www.zwiftinsider.com DNS records to the grey cloud based on what @domjh says here. I’ve done this even though “faiz” at Cloudflare support told me “You will need to proxy the traffic to Cloudflare by changing the authoritative nameservers and mark the DNS records to orange-cloud for the Universal SSL to be issued.”

I’ve done this because it gets my site working again, https traffic functions with the grey cloud.

I also clicked to “Disable Universal SSL” then clicked again to re-enable it, in order to start the cert process again. This is based on #3 “Quick Fix Ideas” here.

1 Like

Hi, I see your ticket with support and the issues here. I also followed the thread to the #CommunityTip on cert provisioning; however, I saw a cipher mismatch when visiting the site, so this tip may also give some ideas: Community Tip - Fixing ERR SSL VERSION OR CIPHER MISMATCH in Google Chrome.

In this instance, I see the name servers were confirmed just yesterday. That is a necessary first step to issuing the certificate, which normally takes about 24 hours after name servers are confirmed, assuming SSL is enabled and development mode is disabled.

Currently, development mode is on, so the certificate won’t issue, and SSL is disabled on the SSL/TLS app, Edge Certificate tab at the bottom. You’d need to enable Universal SSL for us to issue the SSL cert. I see a valid certificate on your origin, so once you have a Universal SSL certificate issued, you can use the Full (Strict) setting on the SSL/TLS app.

1 Like

Thanks for the reply!

I had disabled the universal SSL a few minutes ago with the intent of waiting 5 minutes then re-enabling (to get the verification process started again) but I forgot to re-enable it. :)

Just turned development mode off as well.

Hopefully this will get the universal cert provisioned and I can start using Cloudflare within 24 hours.

FYI: got this all taken care of. Basically, the problem was Cloudflare support told me I had to have Cloudflare set to the orange cloud setting in order to get the universal cert issued–and that’s not at all the case. Someone should alert support to this.

I set it to grey cloud, which made it so my visitors didn’t get SSL errors… and once the universal cert was issued I could activate the orange cloud and everything worked great. Very happy with the speeds and reduced server load I’m seeing so far!

1 Like
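For readers following the same grey-cloud-then-orange-cloud sequence, here is an added example (not from any poster in this thread or from Cloudflare) that reports which certificate a hostname presents right now and at which stage HTTPS fails. On grey cloud the answer describes the origin certificate that Full (Strict) has to validate; on orange cloud it describes the edge certificate visitors receive. The function names and the sample certificate are constructed for illustration.

```python
import socket
import ssl
import sys
import time

def summarize_cert(cert, now=None):
    """Summarize a dict shaped like the result of SSLSocket.getpeercert()."""
    now = time.time() if now is None else now
    # issuer is a tuple of RDNs, each RDN a tuple of (key, value) pairs
    issuer = dict(rdn[0] for rdn in cert.get("issuer", ()))
    expires = ssl.cert_time_to_seconds(cert["notAfter"])
    return {
        "issuer": issuer.get("organizationName", issuer.get("commonName", "?")),
        "names": sorted(v for k, v in cert.get("subjectAltName", ()) if k == "DNS"),
        "days_left": int((expires - now) // 86400),
    }

def check_https(host, port=443, timeout=5.0):
    """Handshake as a browser would (chain + hostname verified) and report the result."""
    ctx = ssl.create_default_context()
    try:
        with socket.create_connection((host, port), timeout=timeout) as sock:
            with ctx.wrap_socket(sock, server_hostname=host) as tls:
                info = summarize_cert(tls.getpeercert())
                info.update(ok=True, protocol=tls.version())
                return info
    except ssl.SSLCertVerificationError as exc:
        # Wrong or untrusted certificate served for this name
        return {"ok": False, "stage": "certificate", "error": exc.verify_message}
    except ssl.SSLError as exc:
        # No usable certificate yet: the "cipher mismatch" style of failure
        return {"ok": False, "stage": "handshake", "error": exc.reason or str(exc)}
    except OSError as exc:
        return {"ok": False, "stage": "connect", "error": str(exc)}

# Constructed sample certificate so the script also runs offline.
SAMPLE_CERT = {
    "issuer": ((("countryName", "US"),), (("organizationName", "Example CA"),)),
    "subjectAltName": (("DNS", "www.example.com"), ("DNS", "example.com")),
    "notAfter": "Jan 15 00:00:00 2030 GMT",
}

if __name__ == "__main__":
    if len(sys.argv) > 1:
        print(check_https(sys.argv[1]))   # live check of the given hostname
    else:
        print(summarize_cert(SAMPLE_CERT))
```

Run it with the hostname as the only argument before and after switching the DNS record to orange cloud; a `handshake` stage result after the switch means the edge certificate is not being served yet.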