NEWBIE help for subdomain not working

Thanks for being so patient.

I looked over the link… most of it is over my head. Do you think if I setup a Chat with GoDaddy and ask them about it and sent them the link they would walk me through it?

1 Like

Section 2 of that article has a dropdown paragraph for various configurations, including GoDaddy.

1 Like

I’ll give it a shot…

Thanks. I owe you a drink if you are ever in Maryland.

2 Likes

I had a Chat session with GoDaddy to ask them to install or help me install the Origin Certificate and Private Key… they said no need, that the SSL certificate was working fine.

When I mentioned that the SSL was working, but I still had an error in the Real Simple SSL pluging, saying certificiate could not be found, He said "You can simply uninstall the “Really Simple SSL” plugin and if there are no manually forced redirections will walk you through the steps.

That I will not do—unless I hear it is OK from someone here.

I am still having issues with my sub-domain. It worked with the CloudFlare App Cound Icon is gray, but not when it is Orange. I could leave it off… BUT it is still very picky on accessing the site. Prior links (Favorites) do not work.

Working Unsecure… must hand type

jennifer.dellazanna.com

  • List item

Not working when Cloud is Orange or linh shows HTTPS

Not Working if link has www.jennifer.dellazanna.com

It seems like Browsers will often add www to the address and then it does not work.

Thanks again for helping with my problems.

1 Like

Your server is not properly configured. It needs a certificate that covers the hostname of the site. Either explicitly, or as a wildcard under your domain. So we’ve made no progress since my original instruction:

1 Like

Does your server IP address end in 246?

If so, that was not stellar advice :wink: as there’s no proper certificate in the first place which could be working fine :slight_smile:

I assume you’ll also have a broken encryption mode selected on Cloudflare → Why you should choose Full Strict, and only Full Strict. Double check that as well.

1 Like

Sandro… Thanks for your help. I am learning a lot of new stuff, only understan abou 20%, but I have abetter understanding.

Yes, based on CloudFlare App/Site, my IP address ends in 246 (107.180.41.246). My SSL/TLS encryption mode is set as full Full. How would I correct a broken encryption mode selected on Cloudflare?

“there’s no proper certificate in the first place which could be working fine”

How would I corect it— I thought the SSL was working, I have a lock on the web page.

They took me to this site to check SSL Status-

I do not understand much of this, but the second Image shows some king of error when I did a DNS Check on MXToolBox

1 Like

Thanks for being patient… My lack of progress is not because of my lack of effort, I assure you. I created saved Origin Certificate and Private Key into separate files.I also save the PEM file.

Installing Origin CA certificate on origin server–is what I do not understand how to do. I hoped that GoDaddy would have been helpful— They seemed like they were trying, but some of their advice seemed opposite to what I was hearing here and on the video tutorials.

Am I able to install Origin Certificate and Private Key myself through Cpanel?

1 Like

Other than what I’ve mentioned twice, I don’t know. From the support article:

1 Like

Mentioning it twice— saying it the same way did not make it any clearer.

The instruction for installing the Origin Certificate is where I am getting lost. I have these installed and setup–as far as I know.

1 Like

I don’t use GoDaddy nor cPanel. You really need the support of your host in this endeavor. All Cloudflare can do is provide an alternate cert if your host has poor support for SSL/TLS. I know it’s a struggle, but GoDaddy isn’t known for being very helpful.

2 Likes

I do appriciate your time… I know you are frustrated trying to walk me through the process.
I couldn’t text message you through how to take out an appendix. I have nothing but good things to say about CloudFlare… I created and have saved the Origin Cert/key as a Txt and PEM file. I also saved the Private Key generated during that process as a Txt. I will try again with GoDaddy Support— I am sure I will get a different person. :slight_smile:

I want to do it by chat—so I can past the key/cert when needed. The chat does not have a way to upload a file.

Do you think the following wording is clear for what I need them to day.

"I recently installed CloudFlare to utilize their free SSL Cert. I have already installed the Private Keys, CSR and CRT, It looks liek it is working, but the process is not complete. I need GoDaddy to install the Origin Cert and Private key to complete the process-- I can not do this through CPanel. It has to be done by GoDaddy. " I will at least know I am asking the correct question/giving them the correct instructions. Then if they do not understand what I am asking, I can ask if they could kick it up to a higher support teir.

1 Like

It’s easier to ask them how to upload your own SSL certificate. And that you may have to upload the Origin CA Root Certificate as well if GoDaddy doesn’t accept your uploaded certificate as is.

Noted. My backup plan would be to ask on Reddit.

I just noticed this:

That’ll never work without a paid certificate here at Cloudflare:

I’ll go over the tutorial.

Here are 2 pics. It looks like stuff is correct, but Real SImple SSL has an error on the last step sayong Certif not found.

CPanel SSL  OK Cert 2

I did not paste the whole Key.

I did review that yesterday… jennifer.dellazanna.com is on one level away from dellazanna.com, so it is not too deep.

I can’t access the sub if I have the CNAME DNS record with an Orange Cloud.

Sandro said… in this thread "Does your server IP address end in 246?

If so, that was not stellar advice :wink: as there’s no proper certificate in the first place which could be working fine :

I assume you’ll also have a broken encryption mode selected on Cloudflare → Why you should choose Full Strict, and only Full Strict. Double check that as well."

So… they said the domain does not have a “proper certificate” not sure how to determine that or correct it.

That might be the original certificate from GoDaddy. Best practice on certs is to include, literally, dellazanna.com and *.dellazanna.com. This is typically the default for Cloudflare’s Origin CA cert.

I don’t know why the top image didn’t include the www or jennifer subdomains.

If you paste the certificate text (not the key text…that’s supposed to be a secret), this tester should show you which hostnames it’s valid for. It should be the domain plus the wildcard subdomain.
https://www.sslshopper.com/certificate-decoder.html

Dam, I think you might be correct, but no idea how to fix it. I had a free SSL Cet through ZEN plug in. This is what I got when I ran it through thta site.

Certificate Information:
Common Name: dellazanna.com
Subject Alternative Names: *.dellazanna.com, dellazanna.com
Valid From: July 20, 2021
Valid To: October 18, 2021
Issuer: R3, Let’s Encrypt Write review of Let’s Encrypt
Serial Number: 039569c1913b2e16c0d7c447fa6c0a5af8ea

I contacted Zen after GoDaddy said they had to delete the cert… and Zen said they do not save anything. (again I do not understand the process).

Is there a way to get rid of all certificates and start fresh…

That’s all up to the host. It’s their server. Cloudflare only provides an Origin cert in a pinch.

My certificate was stil from the old Free SSL. GoDaddy could see the CloudFlare Certificate, but it was no associated with any domain— That is what he said.

GoDaddy walked with through deleting it and all SSL certificates and he manually deleted it from the server.

I would like to start over with CloudFlare… start from scratch, so I know I followed the steps in order. I made a Cert Signing Request. Any Red Flags I should be aware of deleteing the domain and starting over?

I read “If DNSSEC is activated via Cloudflare, remove the DS record from the registrar configuration in the DNS app before removing your Cloudflare domain.” and I did that.