SSL after joining cloudflare

ssl

#1

Hello Team. can i be assisted on this one issue please. I have recently listed my domain on cloudflare. After joining Cloudflare, i bought a wildcard SSL from godaddy and installed it on my server now, issue is, i cant get it to reflect on my browser. In my Cloudflare account i get a notice that says, Ineligible for SSL. I guess this is why i am not getting my SSL to work. the domain is a .co.zw domain and its on the free cloudflare account.I have tried following this link: https://support.cloudflare.com/hc/en-us/articles/204468848-How-do-I-access-or-change-any-of-my-SSL-settings-?flash_digest=5367ef830f6c7dfd7429e1c04ac968154ebe85ac but i am unauthorized to view its content.

Thank in advance for the assist.


#3

Zimbabwe is one of the countries restricted by Cloudflare’s main CA, Comodo, out of concern for United States export and sanction laws.

https://support.comodo.com/index.php?/Knowledgebase/Article/View/989

Depending on Cloudflare’s own legal interpretations and policies, they might use one of the other CAs they work with, or they might not obtain any sort of certificate.


#4

thank you for the feedback. So, how do i get SSL while on Cloudflare? Does this mean because of sanctions, i cant get SSL even if i purchase another third party SSL certificate (godaddy in my case)? Isn’t there a way i can get SSL?


#5

So the ineligibility is beause they dont get certificates issued for a legal reason.

Hmm, so it would require a business account and a custom certificate to get a .zw domain on TLS at Cloudflare.


#7

Maybe, maybe not.

Cloudflare works with 3 CAs. Solving this may be as simple as filing a support ticket and asking them to try one of the other CAs.

Or not.


#8

What I find interesting however, is the way this ban is implemented. Why is the top-level domain sanctioned? Everybody seems to be able to register such a domain, whereas a Zimbabwean citizen can register under another TLD and get a certificate.

That ban is somewhat pointless :thinking:


#9

Any tips on going around it?


#10

Not more than what was already mentioned. Or you use another domain.


#11

You been a great help, Let me try to open a ticket with Cloudflare see if i can get assisted as suggested above


#12

My other .com domain didnt have problems. its working very well with a third party SSL


#13

GlobalSign, the non-US CA Cloudflare works with, has issued certificates for .co.zw domains for Cloudflare as recently as April.

https://crt.sh/?id=378344830

DigiCert, the third CA, also seems to be willing to work with Zimbabwe.

Edit: Then again, that site is no longer using a Cloudflare certificate, so policies may have changed.


#14

Well, it is a .com


#15

This topic was automatically closed after 14 days. New replies are no longer allowed.