SSL peer has no certificate

Answer these questions to help the Community help you with Security questions.

Have you searched for an answer?
Yes. There is an answer from 2019 on the community, but it doesn’t answer the question and it doesn’t seem relevant. I’ve spent all day researching this and come up empty.

When you tested your domain, what were the results?
Secure Connection Failed
An error occurred during a connection to ***. SSL peer has no certificate for the requested DNS name.
Error code: SSL_ERROR_UNRECOGNIZED_NAME_ALERT
The page you are trying to view cannot be shown because the authenticity of the received data could not be verified.
Please contact the website owners to inform them of this problem.

Describe the issue you are having:
My website is hosted on Digital Ocean and is proxied through Cloudflare. Everything has been working fine until now because of a change I’ve been forced to make. I had to spin up a new Digital Ocean droplet to house my website; it has a new IP address.
I changed my Cloudflare DNS A record to the new IP address, but now I’m getting an SSL_ERROR_UNRECOGNIZED_NAME_ALERT.

What error message or number are you receiving?
SSL_ERROR_UNRECOGNIZED_NAME_ALERT

What steps have you taken to resolve the issue?

  1. Was getting error 520, turned off Cloudflare proxying so I could see the real error.
    SSL_ERROR_UNRECOGNIZED_NAME_ALERT
  2. Turned off universal SSL, waited 5 minutes then turned it back on.

Was the site working with SSL prior to adding it to Cloudflare?
The site has always been on Cloudflare, but now I’ve changed the server the site is hosted on.

Have you tried from another browser and/or incognito mode?
Yes

That sounds like you have not yet installed an SSL certificate for your domain on your new server.

Yes, that sounds right, but I don’t know how to make that happen. When I moved the site to Cloudflare originally, it “just happened”. Now that I have the same domain but on a different server and basically a whole new site, I can’t figure out how to get Cloudflare to “reinitialize” my cert on my new site.

https://developers.cloudflare.com/ssl/edge-certificates/universal-ssl/enable-universal-ssl/

WRT installing a new cert manually, I did that too. I followed the instructions here to create a cert on my server:

https://developers.cloudflare.com/ssl/origin-configuration/origin-ca

I then followed this guide to install a cert on my Digital Ocean droplet:

https://www.digitalocean.com/community/tutorials/how-to-install-an-ssl-certificate-from-a-commercial-certificate-authority

Universal SSL is a certificate between your customers and Cloudflare.

You also need to install a certificate on your server, for example one from LetsEncrypt or a Cloudflare Origin certificate (that only works for proxied sites):

Cloudflare cannot make configuration changes on your server. It is absolutely necessary that you install a certificate on your server for a secure connection.

I understand that. However, with Cloudflare’s Universal Edge certificates, the SSL certificate is issued automatically:

Enable Universal SSL certificates

By default, Cloudflare issues — and renews — free, unshared, publicly trusted SSL certificates to all domains added to and activated on Cloudflare.

The process for activating a Universal SSL certificate depends on your domain’s DNS setup.

For domains on a full setup, your domain should automatically receive its Universal SSL certificate within 15 minutes to 24 hours of domain activation.

When I originally set up on Cloudflare, this is what I did and I didn’t install a certificate on my server because a) I didn’t even know how to access my server’s file system back then and b) it’s a shared certificate. But now that I’m already on Cloudflare, I can’t seem to get either their edge certificate to switch to my new server via DNS, nor can I get the installed certificate to work.

As I said in my previous post, the Edge Certificate (Universal SSL) only secures the connection between visitors and Cloudflare.

To secure the connection between Cloudflare and your server, you need to install a certificate on your server. Cloudflare provides you with a certificate (the Origin Certificate) but there is simply no way that CF can install it on your server, you have to do that yourself.
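Added example, not part of the thread: a Python check that handshakes with the origin server's IP directly while sending the domain as the SNI name, which separates "no certificate for this name on the origin" from a mismatched or untrusted certificate. The function names, the placeholder IP `203.0.113.10` and `example.com` are assumptions; for a Cloudflare Origin certificate, pass the Origin CA root PEM as `cafile`, since that certificate is not in the system trust store.

```python
import socket
import ssl

def diagnose(exc):
    """Map a failed connection to the origin onto its likely cause."""
    text = str(exc).upper()
    if isinstance(exc, ssl.SSLCertVerificationError):
        if "HOSTNAME MISMATCH" in text:
            return "name_mismatch"      # a cert is installed, but for another name
        return "untrusted"              # chain not signed by the CA we trust
    if isinstance(exc, ssl.SSLError):
        if "UNRECOGNIZED_NAME" in text or "UNRECOGNIZED NAME" in text:
            return "unrecognized_name"  # server has no certificate for this SNI name
        return "tls_error"
    return "unreachable"                # refused, timed out, wrong IP or port

def probe_origin(origin_ip, hostname, cafile=None, port=443, timeout=5.0):
    """Handshake with the origin IP directly, sending `hostname` as SNI.

    Connecting by IP bypasses DNS and the proxy, so the result describes the
    origin server only. `cafile` is the PEM root to trust; None means the
    system store. Returns (status, detail).
    """
    ctx = ssl.create_default_context(cafile=cafile)
    try:
        with socket.create_connection((origin_ip, port), timeout=timeout) as raw:
            with ctx.wrap_socket(raw, server_hostname=hostname) as tls:
                return "ok", "valid until " + tls.getpeercert()["notAfter"]
    except OSError as exc:  # ssl.SSLError is a subclass of OSError
        return diagnose(exc), str(exc)

if __name__ == "__main__":
    # Placeholder values (assumptions): substitute the droplet IP and domain.
    print(probe_origin("203.0.113.10", "example.com"))
```

A status of `unrecognized_name` corresponds to the browser's SSL_ERROR_UNRECOGNIZED_NAME_ALERT and points at the web server's TLS configuration on the origin, not at Universal SSL.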
