• Cloudflare cannot validate the SSL certificate at your origin web server
  • Full SSL (Strict) SSL is set in the Overview tab of your Cloudflare SSL/TLS app.


Step 1: Set SSL To Full

For a potential quick fix, set SSL to Full instead of Full (strict) in the Overview tab of your Cloudflare SSL/TLS app for the domain.

Step 2: Verify SSL Certificates

Request your server administrator or NET Support to review the origin web server’s SSL certificates and verify:

  • Certificate is not expired
  • Certificate is not revoked
  • Certificate is signed by a Certificate Authority (not self-signed)
  • The requested domain name and hostname are in the certificate’s Common Name or Subject Alternative Name
  • Your origin web server accepts connections over port SSL port 443
  • Temporarily pause Cloudflare and visit (replace with your hostname and domain) to verify no issues exists with the origin SSL certificate
Step 3: Configure The Domain

If the origin server uses a self-signed certificate, configure the domain to use Full SSL or Flexible instead of Full SSL (Strict).