Hi! So… I have this subdomain without “www”. It works. But, if I enter this subdomain with “www” then it says ERR_SSL_VERSION_OR_CIPHER_MISMATCH.
My (main) DNS are:
A arminc.ga
A autoexec
A www
A www.autoexec
The SSL/TLS encryption mode is Flexible.
How can I fix this?
Cloudflare issues a certificate which covers your root domain and a wildcard which covers any first level subdomain. A 2nd level subdomain such as foo.bar.example.com is not covered unless you either a. upload your own cert covering that host name or b. order a certificate from Cloudflare which covers custom hostnames (aka a SAN cert) and specify the hostnames you wish to cover… in this instance either www.autoexec or *.autoexec.
You should also ideally install a Cloudflare Origin Certificate or other certificate on your origin server and configure the encryption mode to full.
So I can register a free certificate in this way? Like generating an Origin Certificate? (To fix the 2nd subdomain)
No, the free cert from Cloudflare only supports example.com and *.example.com. An origin cert is not intended to be public facing and won’t be displayed on Cloudflare’s edge so while “free” it doesn’t solve the ERR_SSL_VERSION_OR_CIPHER_MISMATCH error.
So I can’t fix it without paying money? It’s possible to turn off the ssl only for subdomain then?
Cloudflare provides a large number of services free of charge. You want to create a DNS entry which requires a feature (support for a second level subdomain over SSL) which isn’t provided for free. You could grey cloud the entry, or disable always use https and control SSL redirection using page rules or the origin, but a request to Cloudflare for the SSL version fo the URL if 
would result in the error unless there is a valid certificate on the edge.
Thanks! I have disabled Always HTTPS and I have set www.autoexec.arminc.ga/* redirect to https://autoexec.arminc.ga/$1
This topic was automatically closed after 30 days. New replies are no longer allowed.