Subdomain renders SSL error

Answer these questions to help the Community help you with Security questions.

What is the domain name?
staging3.onthefeederdotcom

Have you searched for an answer?
Yes.

Please share your search results url:
I wish I could - this platform won’t allow me to use links. I think my account is too new.

When you tested your domain using the [Cloudflare Diagnostic Center]what were the results?
It said I should enable caching for better results, so nothing related to the SSL. I only disabled caching to test. When disabled the subdomain worked fine.

Describe the issue you are having:
When navigate to subdomain the browser throws error: Here’s the one from FireFox (similiar message from Chrome)
Secure Connection Failed

An error occurred during a connection to www.staging3.onthefeederdotcom. Cannot communicate securely with peer: no common encryption algorithm(s).

Error code: SSL_ERROR_NO_CYPHER_OVERLAP

The page you are trying to view cannot be shown because the authenticity of the received data could not be verified.
Please contact the website owners to inform them of this problem.

What error message or number are you receiving?
See above.

What steps have you taken to resolve the issue?

  1. Verified DNS setup correctly for the subdomain
  2. Contacted Siteground my hosting provider. They advised disabled caching on Cloudflare temporarily, which I did, error went away.

Was the site working with SSL prior to adding it to Cloudflare?
n/a The subdomain is new for staging

What are the steps to reproduce the error:

  1. Open browser
  2. Navigate to “staging3.onthefeederdotcom”

Have you tried from another browser and/or incognito mode?
Yes, both. Same results.

Please attach a screenshot of the error:
I’d love to but the system doesn’t allow it. I think my account is too new.

The problem is that you have a 301 redirect sending traffic from staging3.onthefeeder.com to www.staging3.onthefeeder.com. Multi-level subdomains should generally be avoided. Cloudflare Universal SSL issues certificates for the apex domain and one level of subdomains, i.e. example.com and *.example.com. So deeper nesting of subdomains is not supported. In fact, *.*.example.com wildcard certificates are not possible with any certificate provider because the specification allows only a single wildcard in the name. In some cases non-standard wildcards could be used like www.*.example.com or *.www.example.com, but not with Cloudflare Universal SSL. Another workaround is to combine so that you have only a single level of subdomain, i.e. instead of www.test.example.com you could use www-test.example.com, using a dash instead of a dot, this now only counts as a single level of subdomain deep and thus would be covered by a *.example.com certificate

If there a specific reason you need to use www.staging3.onthefeeder.com instead of just using staging3.onthefeeder.com? Is the redirect even intentional?

2 Likes

This topic was automatically closed 15 days after the last reply. New replies are no longer allowed.