Overview
The following provides answers to commonly asked questions about how DreamHost SSL certificates are implemented with Cloudflare. See this article for further information.
If any of these limitations are not acceptable to you, then the only option is to disable Cloudflare on the domain.
FAQs
How long does it take to set up a certificate with Cloudflare?
-
Cloudflare may take up to 24 hours to set up your certificate. Until the setup completes, you may be unable to connect to your site over HTTPS or may receive invalid certificate warnings.
What certificate do visitors to my site see?
-
Visitors to your site will only ever see the certificate that Cloudflare creates. The certificate you set up in the DreamHost panel will not be visible to your site visitors if the site is using Cloudflare.
What about second-level subdomains and SSL warnings?
-
Second-level subdomains do not work with Cloudflare's free option. This means that if you try to set up SSL and Cloudflare for www.blog.example.com, you may see warnings like "Connection Not Encrypted" when visiting the page.
These warnings won't appear on first-level subdomains like blog.example.com or www.example.com.
Why is my site displaying an SSL cipher error?
-
If you have a valid Secure Certificate on your website, double-check the SSL/TLS tab in your Cloudflare account and ensure you have Full (Strict) selected. See this article to learn more about Cloudflare's SSL settings.
What happens if I don't enable Cloudflare on the main domain?
-
You will receive warnings if Cloudflare is not enabled on the main domain.
If you want SSL to work on any of your subdomains with Cloudflare, you must also have your main domain enabled on Cloudflare. The SSL Certificate provider imposes this limitation: without the main domain being on Cloudflare, the certificate will not be valid for the subdomains.
For example, if you want to have SSL enabled on blog.example.com and use Cloudflare, then you must also enable Cloudflare on example.com.
Can I use Cloudflare’s Universal SSL option?
-
Yes. All new domains that choose to use Cloudflare's basic plan will have Universal SSL available. Please note that this is not recommended since the Universal SSL certificate does not fully protect your site traffic. View Cloudflare's blog post for further details.
How do I fix the Error 526?
-
After enabling SSL with Cloudflare and then visiting the HTTPS version of your site, you may receive the following 526 Cloudflare error message:
Website is offline. Error 526. Invalid SSL certificate
This error indicates an issue that you must correct within your Cloudflare account. To fix this, see these instructions, which show how to log in to your Cloudflare panel and set the SSL option to FLEXIBLE.
After changing this option in Cloudflare, your site should immediately resolve using HTTPS.