Shared SSL Certificate not working on one domain (all of a sudden)

dash-crypto
#1

I have several websites which share an IP address. So I set up a shared Origin Certificate, added all of my hostnames (including wildcards) etc. This worked great, until this morning. All of the sites redirect to https automatically, all said “valid certificate”, worked great. (First set this up in mid January and all sites have worked as intended since then) until…

This morning I go in to do some work on one of the sites and notice that https no longer works. I know it was working as recently as yesterday, because I was working on the domain yesterday. I have deleted and re-created the certificate. Even deleted and re-created the entire site in Cloudflare. The only thing I can find that might be the issue is a setting I have no control over. On the domains that do work, the Certificate type is “Universal (Shared)”, on the one domain that does not work any longer, the Certificate type is just “Universal”. But they are all the same Certificate…

Just not sure what to even try next.

#2

Oh! So…that (Shared) means it’s an old Universal certificate that has a ton of domain names in it. The new Universal certs don’t say “Shared” because it has only your domain listed in it. It’s a nice new feature.

Anyhow…that shouldn’t have any effect on the Origin Certificate. I’ve never tried piling a ton of domains in an origin certificate.

On second thought…maybe it is related. With the new Universal certificate, Cloudflare may very well be checking for matching domain names for tighter security.

I’m going with that as my final answer. You need Origin Certificates that only cover example.com and *.example.com

#3

I have reconfigured so that each site uses its own certificate. And I still get the identical same issue. All the sites that used to work, continue to work (And say shared, even after setting up a new certificate).

The reason I initially used the “shared” version was because in IIS it yells at you if you try to add multiple sites on the same IP address to different Certs. But after some googling this morning I found all I have to do is check a box to make it work, even when sharing an IP address: require-server-name-indication. Now I can always use 1 Cert per website, which is obviously better in many ways.

… So, I split each site into its own newly set up Cert. The sites that were working before, still work. And… they still say Universal (shared), whereas the site that stopped working as of yesterday, still doesn’t work, and still only says Universal.

I am really lost here. I thought maybe there was going to be some delay or something, but the sites that work always start working almost immediately when I change settings. The sites are configured exactly the same, server side and Cloudflare side. I have a “ticket” into support, maybe they will see something.

1 Like
#4

The (Shared) part of the free Universal certificate here isn’t going to change until that certificate expires and/or Cloudflare reissues your domain a new one with the new format.

I’m sure Support can get to the bottom of this. Post the ticket # to get some extra eyes on your situation.

#5

Well, good thing for me the site is only in development now, which is actually one reason I know for a fact it was working properly 2 nights ago. I was working on it that night and all was working fine, woke up in the morning to continue coding on the site, and https was broken. But nobody is really affected by the SSL for now since I am really the only one using the site for now.

Sorry, new to this process with Cloudflare, I just have a Request #1649928. Not sure if that is actually a ticket number yet.

1 Like
#6

Hi @wchwesik, I see support confirmed yesterday the certificate is issued, but I do see issues with mixed content on the site that is preventing it from loading securely.

#7

Yes, I have since fixed those issues. Everything is working properly now. Not sure what actually happened, but … somewhere along the way it’s all fixed. Thank you for your help!

1 Like