SSL configuration problem

#1

I have a domain and some subdomain with ssl from cloudflare
Since few days ago all was warking well
Today I have made a new installation of wordpress on main domain but if I try to go on https://www.webmanaging.it I have “ERR_SSL_PROTOCOL_ERROR”
All subdomains is ok with https
This is my settings in the crypto tab on cloudflare:
SSL: Flexible
Edge Certificates: 1 (webmanaging.it, *.webmanaging.it) SHA 2 ECDSA Managed by Cloudflare
Custom Hostnames: None (no enterprise upgrade)
Origin Certificates: none
Always Use HTTPS: On
HTTP Strict Transport Security (HSTS): Disabled
Authenticated Origin Pulls: On
Minimum TLS Version: TLS 1.0 (default)
Opportunistic Encryption: Off
Onion Routing: On
TLS 1.3: Enabled
Automatic HTTPS Rewrites: On

0 Likes

#2

Your www host is not proxied and points straight to your server and it appears there is a problem with the certificate on your server. Fix your certificate issue and once that is done switch the following to “Full strict” to make it actually secure.

0 Likes

#3

I have changed host to proxied
I don’t have any certificate installed on my server
I have switched to “full strict” but now I have

Error 525 Ray ID: 4ba79b57bfe5be66 • 2019-03-20 12:14:36 UTC## SSL handshake failed

0 Likes

#4

You need a certificate. Either get a LetsEncrypt certificate or a Cloudflare origin certificate from the Crypto section.

0 Likes

#5

But few days ago all was working with no certificate installed on my server…why now I need one installed ?

0 Likes

#6

You always need a certificate. If you didnt have one your site was not secure. Pick one of the mentioned options and your site should be fine.

0 Likes

#7

OK…I don’t know how to install a certificate on my server…can You help me ?

0 Likes

#8

It’s best to contact your host in this case.

0 Likes

#9

My server is at home…

0 Likes

#10

In that case I’d use the search engine of your choice to find information on how to configure the certificate on your server software.

0 Likes

#11

https://www.google.com/search?client=firefox-b-d&q=apache+configuring+certificate should get you started.

0 Likes

#12

OK…but just a question…
If I need a certificate installed on my server why all subdomains was working well in https with no cert installed and flexible mode ?
Try to learn more :slight_smile:

0 Likes

#13

Because Flexible is a non-secure way to connect to your server and should be avoided.

@domjh summarised it at Why we recommend you don't use flexible!

1 Like

#14

OK…but I still don’t understand why in this way subdomain is ok and main domain got error

0 Likes

#15

Might depend on the configuration.

My advice would be to configure a valid certificate (should be a matter of 20 minutes max with an origin certificate), set “Full strict”, and set the proxy status to :orange:. If everything is properly configured your site should immediately work at that point.

0 Likes

closed #16

This topic was automatically closed after 30 days. New replies are no longer allowed.

0 Likes