Not able to get HTTPS for my website

anand · June 25, 2020, 10:20am

Hi all, I have several websites on Cloudflare and getting HTTPS to them has been pretty straightforward. But for this one custom-built PHP site, I am having trouble setting HTTPS up.

This is what I have done till now.

I have set SSL/Encryption to Full (strict) - I have it Flexible on my other sites, but for this I have set it to this since I guess that is what other posts on this community seemed to suggest.
I clicked on “origin server” and downloaded the files example.com.pem and example.com.key on my webserver. I see a origin certificate show up - BUT, Cloudflare did not verify that I downloaded them or not. I pressed okay and now the certificate shows up in the Origin server section.

Now, when I click on “Edge Certificate”, I don’t see any certificates. Most times when I load the page, it says Loading and the page hangs. I was however able to load the section once where it said ‘no certificates’

Also, I can’t find the option “Always use HTTPs” on the Page rules section. I do see the same option in the Edge Certificate section, but switching that on breaks my site and I get an error that reads

This site can’t provide a secure connection

.com uses an unsupported protocol.

ERR_SSL_VERSION_OR_CIPHER_MISMATCH

angelstyle · June 25, 2020, 12:30pm

hi
how to active cloudflare ssl on ir domain?
my domain is: https://afree.ir/ i activate cloudflare CDN but cloudflare ssl not activate

sdayman · June 25, 2020, 1:26pm

If there’s no Edge Certificate, then you may have to restart the process.

anand · June 26, 2020, 12:14pm

Hi @sdayman

Thank you very much. When I click “Enable Universal SSL”, I get an error that reads “SSL has been disabled for this zone (code: 1006)” -

I checked a few discussions on this topic here in the community, but they did not help. Could you help with this?

michael · June 26, 2020, 12:29pm

.ir is the problem here.

You will have to talk to support directly to see what the solution is. Either a dedicated certificate using LE as the CA, or a custom certificate upload are options, but I don’t know if they will work.

It would be really useful if you could respond back here with the official response you get for TLDs that are effectively embargoed by the US government, and US based CAs.