Causes
- Cloudflare cannot validate the SSL certificate at your origin web server
- Full SSL (Strict) SSL is set in the Overview tab of your Cloudflare SSL/TLS app.
Fixes
Step 1: Set SSL To Full
For a potential quick fix, set SSL to Full instead of Full (strict) in the Overview tab of your Cloudflare SSL/TLS app for the domain.
Step 2: Verify SSL Certificates
Request your server administrator or NET Support to review the origin web server’s SSL certificates and verify:
- Certificate is not expired
- Certificate is not revoked
- Certificate is signed by a Certificate Authority (not self-signed)
- The requested domain name and hostname are in the certificate’s Common Name or Subject Alternative Name
- Your origin web server accepts connections over port SSL port 443
- Temporarily pause Cloudflare and visit https://www.sslshopper.com/ssl-checker.html#hostname=www.example.com (replace www.example.com with your hostname and domain) to verify no issues exists with the origin SSL certificate
Step 3: Configure The Domain
If the origin server uses a self-signed certificate, configure the domain to use Full SSL or Flexible instead of Full SSL (Strict).