[solved, but bad UX] SSL not working on subdomain after not using SSL in a while

Just set up a new subdomain on a domain I haven’t used SSL with before, and getting the above error message e.g. when trying to connect with Chrome.

Found a topic on this forum that said that there was an error provisioning a certificate for the user, and after reprovisioning done by Cloudflare things went back to normal.

Please help!

Thanks
Denis


Thanks. That’s the issue, yeah.

It’s fairly bad UX, since the site could easily show a warning about SSL not working for the specific nested subdomains, e.g. on the SSL config pages.
I guess on the other hand most people don’t nest their subdomains, probably explaining why no warning has been implemented for this.

The issue comes up fairly frequently.

If you want to suggest to Cloudflare to make changes in that area you might want to do so either at https://community.cloudflare.com/c/feedback or via a support ticket.

Generally speaking, it shouldn’t be too difficult to display a warning for all proxied 2nd+ level hosts which are not covered by said certificate.
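The check suggested above can be sketched as follows. This is an added example, not part of the original thread and not Cloudflare's code. It assumes the zone's certificate lists the apex and a single-level wildcard as its names; the record list, hostnames and function names are constructed for illustration.

```python
"""Added example: flag proxied hostnames that a certificate's names do not cover."""


def san_matches(hostname: str, san: str) -> bool:
    """Match one hostname against one certificate name (SAN entry).

    A wildcard is honoured only as the entire left-most label and stands for
    exactly one label, so *.example.com does not match a.b.example.com.
    """
    host = hostname.lower().rstrip(".").split(".")
    pattern = san.lower().rstrip(".").split(".")
    if len(host) != len(pattern):
        return False
    if pattern[0] == "*":
        # Reject over-broad wildcards such as *.com and empty left labels.
        return len(pattern) > 2 and host[0] != "" and host[1:] == pattern[1:]
    return host == pattern


def uncovered_hosts(records, sans):
    """Return the proxied hostnames that no certificate name matches."""
    return sorted(
        name
        for name, proxied in records
        if proxied and not any(san_matches(name, s) for s in sans)
    )


# Constructed sample data (assumption: apex plus one-level wildcard).
SANS = ["example.com", "*.example.com"]
RECORDS = [
    ("example.com", True),
    ("www.example.com", True),
    ("staging.example.com", True),
    ("api.staging.example.com", True),    # nested and proxied: not covered
    ("db.internal.example.com", False),   # nested but DNS-only: not flagged
]

if __name__ == "__main__":
    for host in uncovered_hosts(RECORDS, SANS):
        print(f"WARNING: {host} is proxied but not covered by the certificate")
```
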

Thanks for the suggestion, but I’m fairly certain that Cloudflare could easily figure out that this is an issue, and would know how to prioritize (and fix) it. Monitoring forum threads is one way, monitoring their traffic would be another. I do think they just have different priorities. Maybe that’s right, maybe that’s wrong, but I certainly lost half an hour of my valuable time due to a bad user experience (non-)design.

Another bad UX thing that they should really fix is being really clear about what the DNS import tool can or cannot do. Nowhere in its UI/UX is there a clear indication that the tool can be expected to miss entries when importing. Yet I have told clients (web dev, consulting) in the past to just use that, not being aware that they may have lost some records in the process, not warning them to definitely double-check. Only recently, via some knowledge base article, I found out about this, and it hurts. Again, something I could have and should have known better (though how many even developers can you reasonably expect to understand the intricacies of trying to import DNS records and whether or not that’s a failsafe and guaranteed-to-work process), but in the end it’s still a user that had a worse experience than could reasonably be expected.

I love Cloudflare, I hope they’ll fix these. I know I put these thoughts in the wrong place, by the way. Thanks for listening.

“Be the change you want to see in the world.” (Mahatma Gandhi)