My ISP (Panthur) recently promoted the security benefits of SSL certificates, and I duly purchased their RapidSSL certificate, which they ultimately installed. The result was users of the associated mail domain complaining of (1) in the case of an iPhone user, an untrusted certificate, and (2) in the case of an Outlook user, a certificate that could not be verified because the target principal name was wrong. Panthur advised me to ensure that said users were using the correct in/out server names; I did and they were. They then recommended disabling Universal SSL at CloudFlare, which I did; the result was that the domain website became inaccessible to all. On the advice of Panthur, I also tried experimenting with moving from ‘Flexible SSL’ to either ‘Full (strict) SSL’ or ‘Full SSL’; the website only came good when I returned to ‘Flexible SSL’ and re-enabled the Universal SSL, but the mail problem remains. Panthur now insist that their certificate is correctly installed, and that I should take up the problem with CloudFlare. I note that CloudFlare say:
“Disabling Universal SSL removes any currently active Universal SSL certificates for your zone from the edge and prevents any future Universal SSL certificates from being ordered. If there are no dedicated certificates or custom certificates uploaded for the domain, visitors will be unable to access the domain over HTTPS.”
Since my domain is accessed via https (i.e. the page rule ‘Always use HTTPS’ is in effect), that quote seems to pinpoint why disabling Universal SSL took the website down. I am beginning to suspect that I cannot use the RapidSSL certificate that I purchased from Panthur, and should instead have purchased a dedicated SSL ‘edge certificate’ from CloudFlare. Panthur clearly disagree. Please advise me on what I should do. There is a possibility that I was fooled by the length of time that it takes for changes to the CloudFlare settings to take effect into incorrectly believing that only the combination of ‘Universal SSL enabled’ and ‘Flexible SSL’ restored the website. But I don’t seem close to solving the mail issue.