SSL cert for subdomain

Hi,

We currently have a universal certificate for our primary domain but we also require an SSL cert for our 2nd level subdomain - staging1.example.com.au.

We have ordered an advanced certificate option as we were advised this was needed on the free plan however, we are still getting an unsecure connection error message:

ERR_SSL_VERSION_OR_CIPHER_MISMATCH

Are there any further steps we need to do in order to set up the SSL cert for the subdomain?

Thank you.

Hey @kirst077

Did you add a wildcard on the ACM? Though surely staging1.example.com.au is only first level subdomain since .com.au is the TLD?

You need to have a valid SSL certificate installed for your sub-domain at your origin host/server too.

Does your origin host/server SSL certificate cover your staging1 sub-domain too, or is not yet being generated?

May I ask what SSL option have you got selected under the SSL/TLS tab at Cloudflare dashboard for your domain ( Flexible, Full, Full Strict … )?

Here is a way to re-check if you correctly setup the SSL for your domain with Cloudflare:

You could determine if your staging1 sub-domain is working over HTTPS without any error by following the steps from below:

  1. Use the “Pause Cloudflare on Site” option from the Overview tab for your domain at dash.cloudflare.com .
  2. The link is in the lower right corner of that page.
  3. Give it five minutes to take effect, then make sure site is working as expected with HTTPS.
  4. In case if your sub-domain is not working over HTTPS, make sure to contact your web hosting provider, or generate one by using cPanel / AutoSSL / Let’s Encrypt / CertBot, etc.
  5. Only then should you un-pause Cloudflare and double-check your SSL/TLS setting to make sure it’s Full (Strict).

Thank you for your response. To answer your questions:
We have let’s encrypt installed on our host (SiteGround).
The SSL/TLS encryption mode is set to Full - not full (strict) as per your instructions.

If we were to change our SSL option, will this affect our primary domain at all?
Also with the SSL set to strict, will that mean that we don’t require the Advanced cert?

This topic was automatically closed 15 days after the last reply. New replies are no longer allowed.