Subdomain too deep

This tutorial covers a possible reason for the SSL_ERROR_NO_CYPHER_OVERLAP and ERR_SSL_VERSION_OR_CIPHER_MISMATCH errors (Firefox and Chrome respectively) when seen on a subdomain.

The Cloudflare universal certificates cover example.com and *.example.com. This means that it covers any subdomain one level below the domain you signed up with.

It will cover www.example.com and subdomain.example.com, as these are one level below the root domain, example.com.

The certificate will not cover www.subdomain.example.com or a.b.example.com, however, as these subdomains are too deep.

Solution:
You either need the $10/month Advanced Certificate Manager from Cloudflare, on which you can specify the subdomain you need to cover, or to set the record to :grey: and bypass Cloudflare altogether.
If you have or can get a Business or Enterprise plan, you could also upload a custom SSL certificate with the required hostnames.

Links:
Other common issues with SSL/TLS on subdomains:

Advanced Certificate Manager documentation:
https://developers.cloudflare.com/ssl/edge-certificates/advanced-certificate-manager



Tutorial Reference: CT-11

Reviewed: 07/21

This is a Community Tutorial, most are wiki posts, so can be contributed to by Regulars and MVPs here. If there is a tutorial you would like to see, you can request one here.

If you would like to provide any feedback on this tutorial, please post in the #Meta category, tag your post #TutorialFeedback and let us know the Tutorial Reference above.

Other great resources on this community include the Community Tips . These address best practices when configuring Cloudflare, how to fix issues you may see, and tools to troubleshoot. Also you can view Expert Tips, great posts on the community from people in the know that may help you with your issue.

We encourage users to check out these great resources and the Cloudflare Support Centre before posting


14 Likes
Community Tutorials
No SSL certificates were found on www.***
Page rule forwarding with subdomain and wildcards
Forward URL not working with www, please help
Site cannot open
SSL on subdomains are only wildcard, why?
Redirect from https://www.sub.domain.com?
Subdomain A record does not point
Adding subdomains and second-level subdomains to SSL
Cant access subdomain
Wildcard SSL issues
My forum (subdomain) is unreachable
SSL/TLS not working on subdomain
My subdomain is down after added cloudfair
SSL not working on my subdomain
SSL issues on subdomains when activating Cloudflare
Error code: SSL_ERROR_NO_CYPHER_OVERLAP
Why I Receive the error "hostname uses an unsupported protocol."
Unable to use Cloudflare DNS proxy with Let's encrypt certificate
Create an A Record for www."subdomain"
How to configure a subdomain to redirect to a AWS S3 page?
Unable to access subdomain
No SSL certificates were found on www.***
All hi! Why my site does not open from the address
Subdomain not acessible
How to be able to use "www" for subdomains
Firebase custom domain shows up Unsupported Protocol flag in the browser
Is this possible?
Subdomain Redirect Problem - non www
Www. not working with sub domains
Subdomain not rendering www
Getting 520 Error when I edit a large post. Service provider said ask cloudflare team
Shopify - I Need To Disconnect My Shop. site from Shopify
SSL_error_on website
Trying to create a second level subdomain
Trying to create a second level subdomain
'A' record for subdomain not working
Subdomains - How to get them working
Use non www in a subdomain
Cannot found SSL
Convert Subdomain CNAME Setup to Subdomain Full Setup
Argo Tunnel nested subdomain
SSL subdomain problem
Alphanumeric Subdomain
DNS_PROBE_FINISHED_NXDOMAIN (subdomain)
Blog.facilsistemas.com.br
DNS_PROBE_FINISHED_NXDOMAIN help!
Forwarding URL does not work on sub sub domain
Sub Domain Not working with SSL
Get Error "ERR SSL VERSION OR CIPHER MISMATCH"
How to create a redirect, that works with HTTPS?
Advanced Certificate Manager Problems
Using a CNAME that contains a period results in SSL version or cipher mismatch error
Error SSL version or cipher mismatch AWS Lightsail install
This site can’t provide a secure connection error on visit
SSL Errors Using Google Managed (Let's Encrypt) Certs
Api system with HTTPS: what/how should I configure?
How to add nameservers to a subdomain?
Can't establish a secure connection with the server
Uploading a cloudflare certificate to pythonanywhere
SSL certificate on www. version of staging site
Replace with Cloudflare's nameservers
Www.portal.domain is not working instead of portal.domain
DNS Same IP Cloudflare Proxy
SSL for 2nd level o higher
Exclude from page Rules
SSL doesn't work for sub-sub domain
When typing "www." before domain in page rules doesn't redirect
When typing "www." before domain in page rules doesn't redirect
Subdomains not loading with www
Error 1000 - DNS points to prohibited IP (no CF IPs)
Sub-domain with www is possible?
Redirecionamento
Redirecionamento
Receiving error message
Https://www.sub.domain.com is not working after cloudflare enable
Page rule redirect for all subdomain www to not www
Unsupported protocol on www
Error using CDN "Failed to load assets using CDN URL provided."
DNS for Wix
SSL Handshake Error (Cloudflare Proxy)
CF not assigning Certs?
Redirect not found
Gmail not picking up server emails after change to Cloudfare but webmail working
Www + subdomain
DNS Settings for Subdomains
Www problem
Problem in providing my domain
ERR SSL VERSION OR CIPHER MISMATCH on second level wildcard certificate at origin
Is it possible to have 'www' resolve to subdomain?
Page rules for subdomains from a separate web host not working
Failed to communicate with the secure server
Page Rule for Permanent redirection not working
ERR SSL VERSION OR CIPHER MISMATCH on subdomains
Perimeter certificates aren't working on subdomains. What can i do?
Err_ssl_version_or_cipher_mis
Ssl issue on sub-domain
Certificat SSL pour ssdomaine.ssdomain.domain.eu
AWS API Gateway <> Cloudflare: SSL Handshake Failure
NEWBIE help for subdomain not working
ERR SSL VERSION OR CIPHER MISMATCH on domains
When typing "www." before domain in page rules doesn't redirect
Redirect www.subdomain.domain.com to domain.com
Sub-subdomains on different servers do not resolve
Subdomain is giving an error uses an unsupported protocol
How to fix https error?
Workers on a second level subdomain
Setting up Autoptimize plugin with cloudflare
Subdomains not working with WWW
USe cdn cloudflare but subdomain is not working
How are SSL certificates handled for subdomains after a recent switch to Cloudflare
Cloudflare ssl and subdomans
Ssl cert ( Edge Certificates : initializing )
Creating CNAME with two dots
Nameservers still need to be added will my website go down after I added website DNS
How to create subdomain of a subdomain
Help with url redirection
Turning on/off proxy for a domain thru the API
Cloudflare Subdomain not connecting to Google Sites
Argo site reports "This site can’t provide a secure connection" in Chrome
Domain Problem
DNS / IP pool adjustment
Www.subdomain.domain.com
Inclusion of subdomain notes , appointments
Cloudflare Access - Wildcards to the right of sub-domains are not effective + need wildcards on the left of the application domain
This site can’t provide a secure connection for sub domain
Page redirect from root to www not working
Cloudflare Subdomain not connecting to Google Sites
Error: ssl3_read_bytes:sslv3 alert handshake failure
If my subdomain has www., then i cannot use cloudflare for caching
CommunityTip - Security FAQ Read Me First
Add a subdomain to know how to own the parent domain?
Www for a subdomain not working
Using Cloudflare SSL certificate for Subdomain with www
Expire and Disable HSTS
Aws dns to balancer wrong
Page Rule Wild Card Help
I haven't access to my subdomains with www.* in domain address
Need Cloudflare protection for my Siteground staging site
SSL - CloudFlare
Can not set a record for www.subdomain.mydomain.com
Connect Azure blob storage
How to enable Cloudflare for a subdomain?
SSL for domain works but not for sub-domain
Can't get basic test worker to work
Ssl error for my subdomains
PROBLEMA CON SUBDOMIIOS
Problem with www.subdomain
Adding a fourth-level domain leads to "Connection to this site is not secure" error
Turning on cloud flare proxy
ERR SSL VERSION OR CIPHER MISMATCH resulting from cross-domain redirect page rule
Cloudflare + Vercel + Heroku: Mulitilevel Domains with SSL
WP Multisite subdomain dashboard and site not accessible
CSS/JS doesn't load on the website
SSL Error with www.subdomain.domain.com
Linking Subdomain to a Worker
The ssl certificate on subdomains stopped working
How to enable cloudflare feature only on specific subdomain?
Site not work with cloud
My Project is duplicate from difference domain
SSL_ERROR_NO_CYPHER_OVERLAP for my website
SSL Certificate is not working 2nd Sub Domain
[solved, but bad UX] SSL not working on subdomain after not using SSL in a while
Worker and subdomain
With www not opening my site
Community Tip - Fixing ERR SSL VERSION OR CIPHER MISMATCH in Google Chrome
SSL Certificate is not working Sub Domain
Secure Connection Failed after switching to Cloudfare DNS
Issue with subdomain certificate in a specific scenario
Can't add CNAME record for subdomain
Fourth level subdomains
Creating a 2nd Subdomain
Subdomain error DNS_PROBE_FINISHED_NXDOMAIN
Random 520 error... the error go away when bypassing cloudflare
Err_ssl_protocol_error :?
ERR SSL VERSION OR CIPHER MISMATCH on subdomain
Captcha in Ukraine
Proxy issue in CNAME
Sub-Sub-Domains with SRV records
Error http/https
Subdomain not opening with www
Cloudflare free TLS cert subdomain Issue
Redirect all third level that that do not exist on an existing domain
My subdomain stopped working since I moved my name servers to coudflare, canyone advise on how to fix this
SSL_ERROR_NO_CYPHER_OVERLAP problem
Email not working!
Minimal plan that can do page level proxying?
SSL configuration error
Proxy not working for subdomains with Advanced Certificate
Trying to add a subdomain alias www with no success
Cloudflare SSL not Active without www
Staging site (wordpress) error: site can't be reached
Client and server don't support a common SSL protocol
Correct Setup with www. for multiple sub domains and ips
Can't get ssl certificate for subdomain
Can't get ssl certificate for subdomain
Cloudflare SSL + GCP managed SSL
How to redirect www to non-www for Subdomains
Problem with proxing
How to add sub-sub domain on Cloudflare?
Site not work with cloud
SSL Error: Certificate Mismatch!
Https://www.it.sam.cab
Cloudflare Access not working on sub-sub-domains
Secure Connection Failed when redirecting from www to naked domain
Edge Certificate validation