Universal ssl not working on new domain

Hello, My universal ssl shows as active in flexible mode but it doenst work in firefox or chrome
i get this error in firefox SSL_ERROR_INTERNAL_ERROR_ALERT and in chrome ERR_SSL_PROTOCOL_ERROR
i have tried disabling universal ssl and reenabling but new certificate is not issued the old one is reapplied.
status shows as green and active under edge certificate.
i have also tried removing domain from Cloudflare and re adding it but no luck the same old ssl is reapplied.

You currently have a security issue.

i know flexible is not good, but its working on my other sites on the same server and at the moment i dont have a dedicated ssl on my web host so i need this flexible universal ssl

That’s the point, Flexible is not secure and you have no encryption. If you are concerned about SSL, you need to fix this first. Otherwise disable it and that will also fix the SSL issue.

You best pause Cloudflare for now (Overview screen, bottom right) and talk to your host to get that fixed.

unfortunately buying an ssl on the web host is not an option so i can only implement flexible till Cloudflare. so how do i set that up? its working on my other domains but doesn’t work on the new one. did something change ?

does firefox and chrome not allow flexible till Cloudflare any more what changed ??
its still working on my older domains in Cloudflare

Why is buying a certificate not an option?

Plus certificates are free anyhow, as are Cloudflare Origin certificates.

Bottom line, do you need SSL or not? If you do, you need to fix the server. If not, just set it to “Off” and there’s no certificate issue.

1 Like

it started working in flexible mode without ssl on server. it looks like a dns propogation issue which took more than 24 hours to resolve.
free certificates are only available from lets encrypt from from commercial web hosting. i have lets encrypt on a few a of my vps’s so really dont feel like paying for comodo etc on a commercial web host when i can get lets encrypt for free.

anyway it started working just have to wait for get dns to resolve.

We are going a bit in circles I am afraid.

Let’s Encrypt is free for everyone, as are Origin certificates. If none of these free options are possible, you can always go for a paid certificate. “Not feeling like” is a poor argument to keep your visitors insecure.

Bottom line, your encryption mode should be Full Strict and you do need a certificate on your server if you want a secure site, which you are obviously after, right?

the site is only text and images doesn’t collect any user information or online payments etc. so don’t have a real need for ssl there, a partial flexible till Cloudflare will do. just to give the impression to users that that the site is secure in the brower tab thats all.

commericial web hosts like godaddy, ionos, ipage etc. dont give an option for free lets encrypt. they only have paid comodo etc.

anyway it started working after dns propogation so all good.
Thanks for writing.

If you don’t need SSL, simply turn the encryption mode to “Off” and you have no certificates to consider in the first place. That’s the easiest.

That’s exactly the issue. You are lying to your visitors I am afraid, you are deceiving them.

I am not sure this is accurate, there are plenty of Cloudflare users with these hosts who are using Origin certificates.

I would have turned it off but that insecure connection message in tab just throws users off, so better to have the secure padlock than not, when its free , i don’t see a need to have a ssl site when its only just texts ad images, no man in the middle attack to read some text and images which is anyway freely available on the site to open and see.

the option for lets encrypt is there in vps or dedicated only, its not on shared hosting.

Of course it will show an insecure warning, when you are not on SSL, that’s not much of a surprise.

Again, you either have a secure site or you don’t. There’s not a bit pregnant. Currently you do not have a secure site.

If your host does not offer you a secure option, it may be a good idea to change host.

This topic was automatically closed 3 days after the last reply. New replies are no longer allowed.