General SSL errors
Until Cloudflare provides an SSL certificate for your domain, the following errors may appear in various browsers for HTTPS traffic:
This connection is untrusted
Your connection is not private
Safari can't verify the identity of the website
- Edge / Internet Explorer:
There is a problem with this website's security certificate
Only some of your subdomains return SSL errors
only cover the apex domain (
example.com) and one level of subdomains (
blog.example.com). If visitors to your domain observe errors accessing a second level of subdomains in their browser (such as
dev.www.example.com) but not the first level of subdomains, resolve the issue using one of the following methods below.
- Purchase an that covers
- Upload a that covers
- Enable .
- If you have a valid certificate for the second level subdomains at your origin web server, change the DNS record for
Your Cloudflare Universal SSL certificate is not active
All active Cloudflare domains are provided a . If you observe SSL errors and do not have a certificate of Type Universal within the Edge Certificates tab of the Cloudflare SSL/TLS app for your domain, the Universal SSL certificate has not yet provisioned.
Our SSL vendors verify each SSL certificate request before Cloudflare can issue a certificate for a domain name. This process may take anywhere from 15 minutes to 24 hours. Our SSL certificate vendors sometimes flag a domain name for additional review.
No Universal certificate
If your Cloudflare SSL certificate is not issued within 24 hours of Cloudflare domain activation:
- If your origin web server has a valid SSL certificate, , and
- and provide a screenshot of the errors.
Temporarily pausing Cloudflare will allow the HTTPS traffic to be served properly from your origin web server while the support team investigates the issue.
Full DNS setup
Partial DNS setup
OCSP response error
Visitors to your site observe an OCSP response error.
This error is either caused by the browser version or an issue requiring attention by one of Cloudflare’s SSL vendors. In order to properly diagnose, with the following information provided by the visitor that observes the browser error:
Incorrect HSTS headers
- Go to Rules > Transform Rules.
- Under HTTP Response Header Modification, check the existing rules for a rule that is setting the value of one of the HSTS headers (
- Delete (or edit) the rule so that the HSTS configuration settings defined in the SSL/TLS app are applied.
- Repeat this procedure for the other HSTS header.
You are getting the error
NET::ERR_CERT_COMMON_NAME_INVALID in your browser.
- Make sure that you are using a browser that supports . Refer to for more details.
- Ensure that the hostname you are accessing is set to in the DNS tab of your Cloudflare Dashboard.
- If the hostname you are accessing is a second level subdomain (such as
dev.www.example.com), you’ll need to either:
To avoid SSL errors with the Cloudflare dashboard when using Kaspersky
dash.cloudflare.com in Kaspersky.