WWW version of website unsecured - unable to find solution

I am unable to get the www version of my site secured with an active certificate. It says that it expired 15 days ago (thought Cloudflare auto-renews them?), but for some reason when I renewed (disabled Universal SSL and renabled), it only secured the non-www version of my site. I do not have any sort of third-party certificate installed or anything else. I have disabled Universal SSL several times now and it still won’t work.

After looking through related issues in this forum, I am unable to find what I am looking for.

Any ideas?


You certificate has been properly issued


Can you post a screenshot of the error?

Well it appears my home network might be caching the page despite using incognito and clearing cache, but I think it may be working since my last re-enabling of Universal SSL. The issue was that it was giving me a “page not secure” message when typing in “www” in front of the URL, but it was fine when just typing in the domain without it. It kept showing the certificate had expired 15 days ago for the www version of my site.

I appreciate your quick reply. If I notice an issue again I will sure be back here. Thanks sir.

I take that back. I think it is in fact not working. I am still seeing that the certificate is invalid according to SSLHopper and SSL Labs.

In that case it might be an edge issue and some edges might not have received the renewed certificate. I’d open a support ticket.

Yeah, I’m opening up a ticket. The following are the scenarios that work:

www.goudarziyounglaw.com – works
goudarziyounglaw.com – works
http;//www.goudarziyounglaw.com – works
http://goudarziyounglaw.com – works
https://goudarziyounglaw.com – works
https://www.goudarziyounglaw.com – DOES NOT WORK

The HTTP versions are irrelevant as they are not using a certificate in the first place.

So the difference it between the naked domain and www, assuming they resolve to the same IP address for you, you should hit the same edge server and if the naked domain works I’d expect www to work as well. I cant reproduce your error but if you say you cleared the cache I really can only refer you to support.

Both SSL Labs and SSL Hopper both have https://www variation of the URL as expired. Also, GTMetrix and Pagespeed can’t crawl it either. They can crawl the “www” but not the “https://www” version. Waiting to see what support says.

They do resolve it to different IP addresses however.

whos your hosting provider, you should issue an ssl there and encrypt there so no matter what you can force https even if Cloudflare fails, if you dnt youre open to attacks between you and Cloudflare because tour info is not encypted at all

A certificate on the origin is unrelated to the error at hand.

well, if he had one on the origin he wouldnt need to worry as much because he could force https when your ssl cert fails. maybe i misunderstand how fallbacks work

Not sure what you are trying to say. First, it is not clear whether or not the OP has a certificate on the origin. Second, even if he does, it would not fix the issue at hand.

Alright guys, this issue is resolved.

CF looked into it and it is because FindLaw is also a Cloudflare customer and that is who my client had their website through previously, and the certificate was still showing up on the Cloudflare Edge as expired from them being with FindLaw previously. Apparently this is a “known” issue that they have been working on. They granted me a dedicated certificate and everything is good to go now.

I appreciate all of your help.

1 Like

This topic was automatically closed after 30 days. New replies are no longer allowed.