Skip to content

Check domain SSL/TLS

Once you add and activate your domain at Cloudflare, you also should check your domain's SSL/TLS certificate is working correctly.

What are SSL/TLS certificates?

SSL/TLS certificates let websites use https at the start of the URL (instead of http), which is a more secure connection protocol. HTTPS is good for website security, user privacy, SEO, and much more.

For more details on SSL/TLS, refer to the Learning Center.

By default, Cloudflare issues — and renews — free, unshared, publicly trusted Universal SSL certificates to all domains added to and activated on Cloudflare.

For domains on a full setup1, your domain should automatically receive its Universal SSL certificate within 15 minutes to 24 hours of domain activation2.

This certificate will cover your zone apex (example.com) and all first-level subdomains (subdomain.example.com), and is provisioned even if your records are DNS only. However, the certificate will only be presented if your domain or subdomains are proxied.

Footnotes

  1. The most common Cloudflare setup that involves changing your authoritative nameservers.

  2. Provisioning time depends on certain security checks and other requirements mandated by Certificate Authorities (CA).

Can you visit your website?

To make sure your website's SSL/TLS is working correctly, try visiting your website over an HTTPS connection (where you specify the https:// at the beginning of the URL, like https://example.com).

If you have any deeper subdomains (test.www.example.com), also try visiting those over HTTPS (https://test.www.example.com).

Potential issues

Sometimes, domains added to Cloudflare can experience issues in SSL/TLS certificates.

flowchart TD
accTitle: Potential SSL/TLS issues
A[Request to <code>https://</code><code>example.com</code>] --> B[<code>ERR_SSL_VERSION_OR_CIPHER_MISMATCH</code>]
B --> C[Domain or subdomain not covered by certificate]
A --> D[<code>ERR_TOO_MANY_REDIRECTS</code>]
D --> E[Redirect loop between <code>http</code> and <code>https</code>]
A --> F[Error <code>525</code> or <code>526</code>]
F --> G[Mismatch origin and Cloudflare settings]

For more details on these errors and how to fix them, refer to the following resources: