Universal SSL - invalid_request: additional_dns_name does not match any approved base domain

I have a domain that I have onboarded to Cloudflare and am serving through DNS. However, when it comes to issuing a universal SSL certificate it is not serving it. The error I am getting from Universal SSL is “invalid_request: additional_dns_name does not match any approved base domain”. And when requesting the page I get the error.

This site can’t provide a secure connection
fa-----(dot)com uses an unsupported protocol.

When trying to request http, I get upgraded to https

I have attached screenshot of the DNS setup. The A record directs to the IP of a DigitalOcean droplet serving a wordpress instance.

Any help would be greatly appreciated.

Have you tried disabling Universal SSL at the bottom of the SSL/TLS tab, waiting a few minutes and enabling it again? That should restart the process and often helps.

How often does the cert attempt to be regenerated? I disabled and re-enabled Universal SSL but the cert generated has the same expiry date and same error.

Hi @bryankc Could you open a ticket with us and post the ticket number here, so we can check internally?

Hi I’m not aware of how to post a ticket to Cloudflare support. Could you please direct me as to how I would do this?

I generated an advanced certificate with only the domain-name(dot)com as opposed to the cert containing the subdomain wildcard like *.domain-name(dot)com and it passed the validation.

Top right Dashboard.
-Support \ contact support \ Get More Help


This topic was automatically closed 15 days after the last reply. New replies are no longer allowed.