SSL Troubleshooting FAQ

Troubleshoot common SSL issues.


SSL on my free plan isn't working in an old OS/Browser

Universal SSL uses SNI, a relatively new protocol that older operating systems or browsers do not support. You may get SSL untrusted errors on older versions of Windows, or even cURL (*nix).

If you do not want visitors on older browsers or operating systems to have issues accessing your site via https://, then  consider upgrading to a paid Cloudflare plan for broader operating system and browser support. 


I am seeing a error message when I visit my site over https, what's going on?

Before our SSL vendor can issue a certificate for your domain name, it needs to go through a vetting process. Depending on your plan, this may take anywhere from 15 minutes to 24 hours (paid vs. free). You can look at the status of your cert by going to the Cloudflare settings for the domain. You will see the status in an Authorizing, Pending, or Verified state.


It's been 24 hours since I signed up for Cloudflare and my certificate hasn't verified?

Your domain name may be flagged for additional review before our vendors will issue a certificate. Please create a ticket letting us know and we will reach out to our SSL vendor for further analysis.


Why are my images/css/js files missing when I load my page over https?

This is typically an issue with SSL termination at the edge (i.e., Flexible SSL). The problem is that you're making a request for http resources on an https page. Most modern browsers block these requests from loading for security purposes. You can fix this by loading your assets relative to the protocol (HTTP/HTTPS.) The files path would look like this:
//domain.com/path/to.file
You can read more about this here.
Depending on your CMS, there may be modules/plugins to do this for you automatically. Cloudflare provides a means of doing so via Automatic HTTPS Rewrites.
If you're not sure this is the issue you're having, you can open Dev Tools in your browser and view the console tab. The error may looks something like this:

Mixed Content: The page at 'https://domain.com/' was loaded over HTTPS, but requested an insecure resource 'http://domain.com/path/to.file'. This request has been blocked; the content must be served over HTTPS.

  1. You can fix this by adding the relative protocol,
  2. or installing a certificate on your server and use Cloudflare Full SSL. 
Not finding what you need?

95% of questions can be answered using the search tool. This is the quickest way to get a response.

Powered by Zendesk