SSL protocol error at page responses

Hi
My subdomain returned with ssl protocol error while the main domain worked fine
While the http version of same subdomain returns with directory listing page of no item
Kindly assist
https://elearning.staydigital.tech

Thnaks

That website is not using Cloudflare.

Thanks sdayman,

Kindly note that the ssl certificate installed on my web hosting is of cloudflare

Now the subdomain shows SSL protocol error

Any help, I will appreciate that

Thanks

Hi,

If the certificate you’re referring to its origin CA certificates then please be aware those certificates are Cloudflare self-signed certificates:

Origin CA certificates only encrypt traffic between Cloudflare and your origin web server and are not trusted by client browsers when directly accessing your origin website outside of Cloudflare. For subdomains that utilize Origin CA certificates, pausing or disabling Cloudflare causes untrusted certificate errors for site visitors.

More info on the link below:

1 Like

Dear Cloudflare,

I want the subdomain to share same SSL with the main domain staydigital.tech

Can that be done.

I know presently that the subdomain is not active on cloudfare, but this is the issue

I have cloudflare SSL installed to my main domain, but I want it to cover the subdomain as well

What am I to do

That subdomain needs some sort of recognized TLS/SSL certificate installed on your server. Either one that your host provides, or an Origin Cert that @RuiG recommended.

Once that’s done, you can Proxy (:orange:) that subdomain and then Cloudflare can re-issue the certificate to cover your main domain as well as the subdomain.

Hi,

While checking your domain resolution i noticed you are using infinityfree Hosting.

dig +trace +nodnssec www.staydigital.tech

(...)
staydigital.tech.       3600    IN      NS      ns2.epizy.com.
staydigital.tech.       3600    IN      NS      ns1.epizy.com.
;; Received 118 bytes from 212.18.249.60#53(f.nic.tech) in 43 ms

staydigital.tech.       86400   IN      CNAME   staydigital.tech.cdn.cloudflare.net.

dig +trace +nodnssec www.staydigital.tech
(...)

staydigital.tech.       3600    IN      NS      ns1.epizy.com.
staydigital.tech.       3600    IN      NS      ns2.epizy.com.
;; Received 122 bytes from 2001:67c:13cc::1:60#53(a.nic.tech) in 40 ms

www.staydigital.tech.   86400   IN      CNAME   www.staydigital.tech.cdn.cloudflare.net.


staydigital.tech.       3600    IN      NS      ns1.epizy.com.
staydigital.tech.       3600    IN      NS      ns2.epizy.com.
;; Received 128 bytes from 2a04:2b00:13ee::60#53(e.nic.tech) in 38 ms

dig +trace +nodnssec elearning.staydigital.tech
elearning.staydigital.tech. 86400 IN    A       185.27.134.215
;; Received 71 bytes from 37.187.64.39#53(ns2.epizy.com) in 50 ms

They have a very interesting and generous free plan, which i’ve used, but as everything that it’s free it has some limitations. Are you using the free plan?

To start i remember they only accepted real CA certificates, they were using Let’s Encrypt but only for the root domain. So despite the Cloudflare integration they weren’t allowing their customers to install Cloudflare origin certificate on their SSL/TLS (as it’s a self-signed certificate).
I had no experience with the paid plans and even the free plan might have changed in the last year, so you can try to check in their Knowledge base.

I’ve struggled to set a blog subdomain and found somewhere in their forum other users suggesting to use Cloudflare directly, without the cPanel integration.

Furthermore, I’ve the idea they don’t allow you to manage the DNS records freely on their end so only the root and www subdomain can be proxied, this made me use Cloudflare directly and like that i was able to get Let’s Encrypt certificate for blog sub-domain using Cloudflare DNS and requesting the certificate via shell access and certbot on a different server.

To summarize:

  • this happened already 1 year ago, it’s easy to remember because i joined Cloudflare community with by that time, which can also indicate this info can be already outdated.

  • Configuring subdomain and using a partial setup it will be a nightmare, i don’t even think it’s possible at least on the free plan.

  • Check on their forum the admin or one of their active users will certainly reply and guide you better than here, as this is specific to the hosting service.

+++EDIT+++
Knowledge base is slightly different from what i remember, but it seems they still don’t accept Cloudflare Origin CA’s:

1 Like

Thank you very much

Your response is delightful

Regards,

This topic was automatically closed 5 days after the last reply. New replies are no longer allowed.