SSL Handshake Failed although I have issued advanced SSL on Cloudflare

What is the name of the domain?

https://eli-conf.soran.edu.iq/

What is the issue you’re encountering

I have issued Advanced certificate, but still there is an issue

Was the site working with SSL prior to adding it to Cloudflare?

No

What is the current SSL/TLS setting?

Full (strict)

The Cloudflare edge certificate is ok, but you are getting a 525 error…
https://cf.sjr.org.uk/tools/check?b75b05d6ca434367a0c33937a25b09d1#connection-server-https

This means Cloudflare can’t complete the SSL handshake with your server. Pause Cloudflare, or set the DNS record to DNS only, then requests will go direct to your origin and you can see the problem. Once fixed, you can re-enable Cloudflare again.

2 Likes

Thanks a lot for your reply.
I have updated the DNS record and made it DNS only.

Now it is like that:
https://eli-conf.soran.edu.iq/

By the way. this is a Google site which I have pointed to this subdomain.

Thanks again for your help.

You’ll have to wait, or check with Google, for the SSL on your site to start working.

Usually sites that point to ghs.googlehosted.com are best left as “DNS only” for SSL certificate generation and so Google can confirm the domain resolves correctly to their CNAME.

2 Likes

Thank you, I see.

So, here I do not need to create Advanced certificate for the subdomain?

It is a first-level subdomain of your domain, so is covered by the Universal SSL certificate (which covers soran.edu.iq and *.soran.edu.iq). An Advanced Certificate is not needed for it.

2 Likes

Thank you again for your kind and quick replies.

I have another website, same details. But it says that website is not secure.
https://arts.soran.edu.iq/

Actually this happened after I changed Cloudflare to Full (Strict)

Then some google sites that were pointed to subdomains worked fine, some others failed and up to now still now working.

For example, the following works fine

That site is not proxied and is pointing to ghs.googlehosted.com. Again, likely that’s how it needs to stay. For any SSL issues with that, check with Google.
https://cf.sjr.org.uk/tools/check?ef62c436d1ca46868a2358b0577bd8b8#dns

2 Likes

This topic was automatically closed 15 days after the last reply. New replies are no longer allowed.