SSL certificate not showing up?

Hi guys, I need help with my domain. I bought it from GoDaddy and connected it to Cloudflare, and also connected it to the site itself running on GoHighLevel, but when searching for the domain it gives out an error. I don’t understand why; the DNS records I think are OK, and I edited the nameservers in GoDaddy with Cloudflare’s ones. Can anyone help me out? Thanks a lot
The domain is “rinnovamedia.it”

DNSSEC is enabled at your registrar, but not at Cloudflare.
https://cf.sjr.org.uk/tools/check?7c4429274bf64b879fb0c75862e11515

Two options:

  1. Disable DNSSEC at your registrar …or…
  2. Enable DNSSEC at Cloudflare here…
    https://dash.cloudflare.com/?to=/:account/:zone/dns/settings
    …and copy the DS records to your registrar.

OK, I will try that, thanks!

So Cloudflare, to activate DNSSEC, says I need to add a DS record at my registrar (GoDaddy), but the GoDaddy support says I can’t because the current nameservers are pointing at CF. Anything I can do?
Thanks

Yes you can add them. Don’t add them under DNS, there is a dedicated page for DS records…

However, your domain is still resolving (seems an issue with the .it registry and is reporting as safe at the moment) so isn’t the blocking issue (but should be fixed).

As noted in the other thread, your site isn’t proxied by Cloudflare so the certificate issue is at your origin and you need to fix that as well.

Unfortunately I do not see that option on my side…

What do you mean by “your site isn’t proxied by Cloudflare”, and by “at your origin” do you mean GoDaddy?

Thanks

Just done some checking, seems .it doesn’t support DNSSEC for domains below it. The flag in the WHOIS is therefore misleading.

Your site isn’t proxied, which means your traffic is going direct to your host (gohighlevel?) and not through Cloudflare. So the SSL issue isn’t with Cloudflare, but with your host. You need to fix it there.

Oh OK, got it. So what if I proxy it through Cloudflare?

Thanks in advance!

Fix your origin first.

Hiding an SSL problem behind Cloudflare deceives your users into believing that their data is securely encrypted end-to-end when actually it is not secure between Cloudflare and the origin.

```
curl -Ivv https://rinnovamedia.it --insecure
*   Trying 34.68.234.4:443...
* Connected to rinnovamedia.it (34.68.234.4) port 443 (#0)
......
* Server certificate:
*  subject: CN=sni-support-required-for-valid-ssl
*  start date: Aug  3 14:18:45 2021 GMT
*  expire date: Aug  1 14:18:45 2031 GMT
*  issuer: CN=sni-support-required-for-valid-ssl
*  SSL certificate verify result: self-signed certificate (18), continuing anyway.
* Using HTTP2, server supports multiplexing
* Connection state changed (HTTP/2 confirmed)
......
```

(Sorry for the DNSSEC confusion. I’ll blame the .it registry for returning “DNSSEC: Yes” when they only support it back to the gTLD servers, not down to domains. In my defence, DNSViz throws an error too :slight_smile: /goes off to add more code to the checker)

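Added example, not written by any poster in this thread: a small Python check that reads a `curl -v --insecure` transcript like the one above and reports why the origin certificate should not be trusted (self-signed, name not covering the host, failed verification). The function names are hypothetical, the sample is the certificate lines quoted above, and name matching uses only the CN unless curl logged a `subjectAltName ... matched` line, which is a simplification.

```python
import re

# Constructed sample: certificate lines from the curl output quoted in this thread.
SAMPLE = """\
* Connected to rinnovamedia.it (34.68.234.4) port 443 (#0)
* Server certificate:
*  subject: CN=sni-support-required-for-valid-ssl
*  start date: Aug  3 14:18:45 2021 GMT
*  expire date: Aug  1 14:18:45 2031 GMT
*  issuer: CN=sni-support-required-for-valid-ssl
*  SSL certificate verify result: self-signed certificate (18), continuing anyway.
"""

def field(text, name):
    """Value of a '*  name: value' line in curl's verbose output, or None."""
    m = re.search(rf"^\*\s+{re.escape(name)}:\s*(.+)$", text, re.M)
    return m.group(1).strip() if m else None

def cn_matches(cn, host):
    """Exact match, or a wildcard covering exactly one extra label."""
    cn, host = cn.lower(), host.lower()
    if cn.startswith("*."):
        return "." in host and host.split(".", 1)[1] == cn[2:]
    return cn == host

def audit(curl_output):
    """Return (host, findings) for one curl -v transcript."""
    host_m = re.search(r"^\* Connected to (\S+) ", curl_output, re.M)
    host = host_m.group(1) if host_m else None
    subject = field(curl_output, "subject")
    issuer = field(curl_output, "issuer")
    verify = field(curl_output, "SSL certificate verify result")
    # If curl logged a successful SAN match, the CN is not what decides the name check.
    san_ok = re.search(r'subjectAltName: host "[^"]+" matched', curl_output)
    findings = []
    if subject and subject == issuer:
        findings.append("self-signed: subject equals issuer")
    cn_m = re.search(r"CN\s*=\s*([^,;/]+)", subject or "")
    if host and cn_m and not san_ok and not cn_matches(cn_m.group(1).strip(), host):
        findings.append(f"name mismatch: CN {cn_m.group(1).strip()!r} does not cover {host!r}")
    if verify and not verify.lower().startswith("ok"):
        findings.append(f"verification failed: {verify}")
    return host, findings

if __name__ == "__main__":
    host, findings = audit(SAMPLE)
    print(host, *findings, sep="\n  ")
```

An empty findings list for the origin is the state to reach before switching the DNS record to proxied.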

Hey man, no problem :smiley: , so I tried changing the DNS records to “proxied” instead of “DNS only” and now finally the website opens, but it still says that it’s not secure.

Thanks a lot for all the support so far!

Changing to proxied only made the site even less secure. Change that back and follow up on what was mentioned several times now and fix the server. Your Cloudflare configuration is also insecure.

So by fixing my origin you mean GoDaddy? If so, what do I need to fix there? Should I get an SSL through GoDaddy directly? I don’t understand, sorry

Thanks

I tried contacting GoHighLevel but they don’t know what to do about it. Maybe I didn’t explain myself well to them, but I don’t really know

I was thinking of getting an SSL through CF and using it in GoDaddy, but as I’ve seen, GoDaddy only lets you upload SSL certs via cPanel and other hosts

Never mind, buying an SSL cert through GoDaddy is not an option anymore, it’s 50€/y =(