Problem Description
When using Cloudflare SSL for your website, you may encounter a situation where:
- Accessing example.com works fine
- Accessing www.example.com results in an “Invalid SSL certificate” error
Cause Analysis
This issue is typically caused by incorrect configuration of Cloudflare SSL rules.
Solution
To resolve this issue, follow these steps to change your SSL/TLS encryption mode:
- Log in to your Cloudflare account
- Select the domain you’re working with
- Go to the SSL/TLS section
- Find the “SSL/TLS encryption mode” settings
- Change the Custom SSL/TLS setting to Full
This setting enables end-to-end encryption and should be used when your origin server supports SSL certification but does not use a valid, publicly trusted certificate.
Explanation
The “Full” SSL mode in Cloudflare creates an encrypted connection between your visitors and Cloudflare, and another encrypted connection between Cloudflare and your origin server. Cloudflare does not validate the origin certificate in this mode, so it can establish the connection with your server even if it’s using a self-signed or expired certificate. The traffic on that leg is encrypted, but the origin’s identity is not verified.
By switching to this mode, you ensure that both example.com and www.example.com are properly covered by the SSL certificate, resolving the “Invalid SSL certificate” error for the www subdomain.
Additional Important Step: Domain Redirection
After modifying the SSL settings, it’s crucial to set up proper domain redirection. You have two options:
- Redirect www to root domain: Set up a 301 redirect from www.example.com to example.com, OR
- Redirect root to www: Set up a 301 redirect from example.com to www.example.com
This step ensures consistency in your website’s URL structure and improves SEO by preventing duplicate content issues.
To set up the redirect in Cloudflare:
- Go to the “Rules” section in your Cloudflare dashboard
- Click on “Create Page Rule”
- Enter the URL pattern you want to redirect (e.g., http://www.example.com/* or http://example.com/*)
- Choose “Forwarding URL” as the setting
- Select “301 - Permanent Redirect” as the status code
- Enter the destination URL (e.g., https://example.com/$1 or https://www.example.com/$1)
- Save and deploy the rule
Remember to test your website after making these changes to ensure everything is working as expected, including both the SSL connection and the domain redirection.
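One way to script that final test, as an added example that is not part of the original article: it handshakes with each hostname the way a visitor's browser would, checks that the certificate's names cover it, and reads the redirect without following it. The function names are hypothetical and example.com is the article's placeholder domain.

```python
import http.client
import socket
import ssl

def san_covers(hostname, dns_names):
    """True if hostname matches one of the certificate's DNS names.
    A wildcard is honoured only as the whole left-most label, so
    *.example.com covers www.example.com but not example.com."""
    host = hostname.lower().rstrip(".")
    for name in dns_names:
        name = name.lower().rstrip(".")
        if name == host:
            return True
        if name.startswith("*.") and "." in host:
            if host.split(".", 1)[1] == name[2:]:
                return True
    return False

def edge_dns_names(hostname, port=443, timeout=5):
    """Handshake with full validation and return the certificate's SAN DNS names.
    Raises ssl.SSLCertVerificationError if the certificate is invalid for hostname."""
    ctx = ssl.create_default_context()
    with socket.create_connection((hostname, port), timeout=timeout) as sock:
        with ctx.wrap_socket(sock, server_hostname=hostname) as tls:
            cert = tls.getpeercert()
    return [v for k, v in cert.get("subjectAltName", ()) if k == "DNS"]

def redirect_of(hostname, path="/", timeout=5):
    """Return (status, Location) for a plain-HTTP request, without following it."""
    conn = http.client.HTTPConnection(hostname, 80, timeout=timeout)
    try:
        conn.request("HEAD", path)
        resp = conn.getresponse()
        return resp.status, resp.getheader("Location")
    finally:
        conn.close()

if __name__ == "__main__":
    for host in ("example.com", "www.example.com"):  # placeholder names from the article
        try:
            names = edge_dns_names(host)
            print(host, "TLS ok, covered by SAN:", san_covers(host, names))
        except (ssl.SSLError, OSError) as exc:
            print(host, "TLS failed:", exc)
        try:
            print(host, "http ->", redirect_of(host))
        except (OSError, http.client.HTTPException) as exc:
            print(host, "http failed:", exc)
```

This only exercises the visitor-to-Cloudflare leg; in Full mode the certificate on the Cloudflare-to-origin leg is not validated, so a passing run says nothing about the origin's certificate.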