Troubleshooting SSL/TLS issues

This tutorial post covers the steps you should take if you have enabled Cloudflare, but HTTPS is not working on the site.

If your main domain is secure, but a subdomain is not, please see SSL/TLS not working on subdomain.

1. Check that the DNS record is set to :orange:
In the DNS app in your Cloudflare dashboard, check that the DNS record for your domain is set to :orange:, not :grey:. If it is :grey:, Cloudflare is disabled on the site and none of the SSL settings will take effect.

2. Check that HTTPS doesn’t work
If you manually enter https://(www.), does it load with the Cloudflare certificate? If so, you are probably not forcing HTTPS, enable ‘Always use HTTPS’ under SSL/TLS > Edge Certificates in your Cloudflare dashboard.

3. Do you see a certificate from your server?
If you see a certificate from your server rather than from Cloudflare, you may be bypassing Cloudflare and connecting straight to the server. You can also check for Cloudflare headers in developer tools. If you are not going through Cloudflare, this may be a local caching issue. You could also test your site on a different device and/or network. There is a specific tutorial on Verifying propagation and caching issues when troubleshooting.

4. Is it a mixed content issue?
If the site loads with HTTPS, but you see a yellow triangle/ red shield / not fully secure message, it means that there is mixed content in the site. This is where the main domain is being loaded over HTTPS, but some resources are loading over HTTP. You can read more about mixed content in this Community Tutorial and you can find information to help you fix it in this Community Tip.

5. Has your Cloudflare Certificate Provisioned?
If you see the errors ERR_SSL_VERSION_OR_CIPHER_MISMATCH or SSL_ERROR_NO_CYPHER_OVERLAP in Chrome and Firefox respectively, it may mean that your Cloudflare certificate has not yet provisioned.
If you go to SSL/TLS > Edge Certificates in your Cloudflare dashboard, you may see the certificate showing the certificate as ‘Pending Validation’ rather than ‘Active’:

It can take up to 24hrs for the free Universal SSL certificate to provision, if it has been longer than that, try disabling and re-enabling Universal SSL to restart the process. More info and further steps to take in Community Tip - Fixing ERR SSL VERSION OR CIPHER MISMATCH in Google Chrome and Community Tip - Best Practices For Certificate Provisioning.

If you still need further help, please post the outcomes of these steps and your domain and the community can try and help.

SSL/TLS Configuration Video:

Video - Introduction to SSL and Cloudflare’s Options

Credit to @albert for the fantastic explanation here.

Tutorial Reference: CT-09

Reviewed: 07/21

This is a Community Tutorial, most are wiki posts, so can be contributed to by Regulars and MVPs here. If there is a tutorial you would like to see, you can request one here.

If you would like to provide any feedback on this tutorial, please post in the #Meta category, tag your post #TutorialFeedback and let us know the Tutorial Reference above.

Other great resources on this community include the Community Tips . These address best practices when configuring Cloudflare, how to fix issues you may see, and tools to troubleshoot. Also you can view Expert Tips, great posts on the community from people in the know that may help you with your issue.

We encourage users to check out these great resources and the Cloudflare Support Centre before posting

SSL cert not working
SSL Error: Webpage Not Opening Properly
Community Tutorials
Free ssl not showing up
My https removed when i update my home page
SHTML Not Working
Site Down, DNS Not propogating. Help!
SSL ISSUE Activation
How to renew my ssl that is expired?
Error 522 when proxied | no problem when DNS Only
Getting 521 error sometimes and then resolves itself after few mins
Hello My site can't connect to the backend
Proxied Cloudflare to Plesk
Admin session on Jommla 4
Mixed Content. but the 'frame' points to the wrong port!
Proxied Cloudflare to Plesk
Error 525 Showing on my Website
Kemp Load Balancer
Cloudflare 502 errors today WPO Wordpress
Error 520 Web server return unknown error
Error using CDN "Failed to load assets using CDN URL provided."
Http and lock not showing
Cache issues with Ezoic
Getting an SSL Certificate
Not secure in my site
Ssl not working on my domain?
I am getting error not valid SSL certificate and my domain is not running
IP address of cloudflare server when displaying error message
CloudFlare proxied websites don't work on Virgin Media but do on EE and some U.S providers
My connection is not Private. How to resolve this on my *.com website
Error 525 SSL handshake failed blogger
YTCC - Broken SSL
Error 522 - packets
Default google chrome images
My subdomain is giving 404 error
Domain and Subdomain Down
CommunityTip - Getting Started with Cloudflare & the Community
Edge certificate status under verification
Error 521 - Unable to have support
Host error
Subdomains not working! (Godaddy site, cpanel hosting)
My site is active but still not secured
Error 520 problem for two minutes?
520 errors related to Caching...?
Error 5xx log page admin
Blocked just adding code to site
My site is DOWN basically. REFRESH error message
Ssl cert ( Edge Certificates : initializing )
Error 520, Web server is returning an unknown error
Run 2 scheduled workers within 5 seconds of each other
How to fix issue "Error 525: SSL handshake failed"
Cloudflare settings when you first set it up
Istanbul cloudflare errors 525 but frankfurt doesn't
Enable Cloudflare to my website and getting the following error
Status: Failed - HTTPS SSL Certificate failed to be processed
SSL handshake failed/Error 525
Cloudflare SSL .gg Domain
Why do I keep having 520 error on my website
520 Error – no error logs triggered
Root domain resolves, www subdomain causes 520 error
Cloudflare All-time-classic: How to fix Error code: SSL_ERROR_NO_CYPHER_OVERLAP
I am receiving a 502 error page when I test my button on my facebook business page
Website not showing as secure
Error 520. Web server is returning an unknown error
520 cloudflare error
I'm having 520 error I have contacted my hosting the problem is not from them
SSL - CloudFlare
Https links on website being redirected to http
Cloudflare SSL not Active without www
Web server is returning an unknown error. How to fix this
DNS updated but old site still being displayed
Softacolus login not working
How to secure website with cloudflare?
Will changing my DNS from GoDaddy to Cloudflare affect subdomains
I added a subdomain and added a dns record, but it's not working
SSL issue. I'm getting "uses an unsupported protocol."
Domain as an alias
SSL is not connecting
Firefox site not showing
Google can't reach my sites with cloudflare
SSL Certificate!
Error520, problem with wp-admin login Showing host error
Can't find my website online
More than 50% 525 Errors - Need technical help
Edge Certificate validation
Full Ssl Not Working On Blogger
Error 525 with ovh
Https green pad not showing
After adding Cloudflare free plan i got an invalid SSL error ( I have installed SSL certificate by Let's Encrypt and before it was working fine
SSL Lock not appearing on site
I have problem with ssl please help
Active SSL on my website
Getting error on page
SSL Issues - "SSL Version or cipher mismatch"
Failed to communicate with server
New WordPress Plugin Update Crashed Site
SSL cert active but not secure
Site works perfect on http but not https
Can't edit or create Wordpress post while proxied by Cloudflare
524 Error not related to host