SSL protocol error at page responses

staydigitalsolution · December 20, 2020, 7:31pm

Hi
My subdomain returned with ssl protocol error while the main domain worked fine
While the http version of same subdomain returns with directory listing page of no item
Kindly assist
https://elearning.staydigital.tech

Thnaks

sdayman · December 20, 2020, 7:46pm

That website is not using Cloudflare.

staydigitalsolution · December 20, 2020, 8:03pm

Thanks sdayman,

Kindly note that the ssl certificate installed on my web hosting is of Cloudflare
https://staydigital.tech

Now the subdomain shows SSL protocol error

Any help, I will appreciate that

Thanks

RuiG · December 20, 2020, 9:33pm

Hi,

If the certificate you’re referring to its origin CA certificates then please be aware those certificates are Cloudflare self-signed certificates:

Origin CA certificates only encrypt traffic between Cloudflare and your origin web server and are not trusted by client browsers when directly accessing your origin website outside of Cloudflare. For subdomains that utilize Origin CA certificates, pausing or disabling Cloudflare causes untrusted certificate errors for site visitors.

More info on the link below:
https://support.cloudflare.com/hc/en-us/articles/115000479507-Managing-Cloudflare-Origin-CA-certificates

staydigitalsolution · December 20, 2020, 9:46pm

Dear Cloudflare,

I want the subdomain to share same SSL with the main domain staydigital.tech

Can that be done.

I know presently that the subdomain is not active on cloudfare, but this is the issue

I have cloudflare SSL installed to my main domain, but I want it to cover the subdomain as well

What am I to do

sdayman · December 20, 2020, 9:55pm

That subdomain needs some sort of recognized TLS/SSL certificate installed on your server. Either one that your host provides, or an Origin Cert that @RuiG recommended.

Once that’s done, you can Proxy () that subdomain and then Cloudflare can re-issue the certificate to cover your main domain as well as the subdomain.

RuiG · December 21, 2020, 2:08am

Hi,

While checking your domain resolution i noticed you are using infinityfree Hosting.

dig +trace +nodnssec www.staydigital.tech

(...)
staydigital.tech.       3600    IN      NS      ns2.epizy.com.
staydigital.tech.       3600    IN      NS      ns1.epizy.com.
;; Received 118 bytes from 212.18.249.60#53(f.nic.tech) in 43 ms

staydigital.tech.       86400   IN      CNAME   staydigital.tech.cdn.cloudflare.net.

dig +trace +nodnssec www.staydigital.tech
(...)

staydigital.tech.       3600    IN      NS      ns1.epizy.com.
staydigital.tech.       3600    IN      NS      ns2.epizy.com.
;; Received 122 bytes from 2001:67c:13cc::1:60#53(a.nic.tech) in 40 ms

www.staydigital.tech.   86400   IN      CNAME   www.staydigital.tech.cdn.cloudflare.net.


staydigital.tech.       3600    IN      NS      ns1.epizy.com.
staydigital.tech.       3600    IN      NS      ns2.epizy.com.
;; Received 128 bytes from 2a04:2b00:13ee::60#53(e.nic.tech) in 38 ms

dig +trace +nodnssec elearning.staydigital.tech
elearning.staydigital.tech. 86400 IN    A       185.27.134.215
;; Received 71 bytes from 37.187.64.39#53(ns2.epizy.com) in 50 ms

They have a very interesting and generous free plan, which i’ve used, but as everything that it’s free it has some limitations. Are you using the free plan?

To start i remember they only accepted real CA certificates, they were using Let’s Encrypt but only for the root domain. So despite the Cloudflare integration they weren’t allowing their customers to install Cloudflare origin certificate on their SSL/TLS (as it’s a self-signed certificate).
I had no experience with the paid plans and even the free plan might have changed in the last year, so you can try to check in their Knowledge base.

I’ve struggled to set a blog subdomain and found somewhere in their forum other users suggesting to use Cloudflare directly, without the cPanel integration.

Furthermore, I’ve the idea they don’t allow you to manage the DNS records freely on their end so only the root and www subdomain can be proxied, this made me use Cloudflare directly and like that i was able to get Let’s Encrypt certificate for blog sub-domain using Cloudflare DNS and requesting the certificate via shell access and certbot on a different server.

To summarize:

this happened already 1 year ago, it’s easy to remember because i joined Cloudflare community with by that time, which can also indicate this info can be already outdated.
Configuring subdomain and using a partial setup it will be a nightmare, i don’t even think it’s possible at least on the free plan.
Check on their forum the admin or one of their active users will certainly reply and guide you better than here, as this is specific to the hosting service.

+++EDIT+++
Knowledge base is slightly different from what i remember, but it seems they still don’t accept Cloudflare Origin CA’s:

staydigitalsolution · December 21, 2020, 2:44pm

Thank you very much

Your response is delightful

Regards,

system · December 26, 2020, 2:45pm

This topic was automatically closed 5 days after the last reply. New replies are no longer allowed.

Topic		Replies	Views
[HELP ]Problem with SSL Certificate in my subdomain Security	3	5729	November 30, 2019
Subdomain SSL Issue on Cloudflare Partner hosted website (Hostinger) Security	2	2700	February 26, 2022
Erro_SSL_Protocol in subdomains onlue Security	4	246	April 16, 2024
SSL not working on subdomain Security dns , dash-ssl-tls , dash-errors , dash-troubleshooting	5	4759	April 19, 2019
SSL certificate not working on second subdomain DNS & Network dash-troubleshooting	8	10116	August 24, 2019

SSL protocol error at page responses

Related topics