Weird certificate problem

You probably forgot to include the www in the vhost config.
You should find lines like:

Here is my virtual host

<Directory /var/www/html/>
Require all granted
</Directory>
<VirtualHost *:80>
ServerAdmin webmaster@localhost
DocumentRoot /var/www/

    ErrorLog /var/log/apache2/
    CustomLog /var/log/apache2/ combined

RewriteEngine on
RewriteCond %{SERVER_NAME} [OR]
RewriteCond %{SERVER_NAME}
RewriteRule ^ https://%{SERVER_NAME}%{REQUEST_URI} [END,NE,R=permanent]
</VirtualHost>

Or, since now I see that you are using CloudFlare, you may need to include the WWW in their configuration.

curl -Iki
HTTP/2 200
date: Sun, 17 Mar 2019 20:40:10 GMT
content-type: text/html; charset=UTF-8
set-cookie: __cfduid=d039532466cdcf62530df81c129ddf7b81552855208; expires=Mon, 16-Mar-20 20:40:08 GMT; path=/;; HttpOnly
set-cookie: phpbb3_bkj55_u=1; expires=Mon, 16-Mar-2020 20:40:10 GMT; path=/;; secure; HttpOnly
set-cookie: phpbb3_bkj55_k=; expires=Mon, 16-Mar-2020 20:40:10 GMT; path=/;; secure; HttpOnly
set-cookie: phpbb3_bkj55_sid=dd39125225706a00e81f29ab92d2bb36; expires=Mon, 16-Mar-2020 20:40:10 GMT; path=/;; secure; HttpOnly
cache-control: private, no-cache="set-cookie"
expires: Sun, 17 Mar 2019 20:40:10 GMT
expect-ct: max-age=604800, report-uri="
server: cloudflare
cf-ray: 4b91c7bf6b4ab955-MIA

curl -Iki
curl: (35) error:14094410:SSL routines:ssl3_read_bytes:sslv3 alert handshake failure

Addresses: 2606:4700:30::681c:aba

Addresses: 2606:4700:30::681c:bba
2606:4700:30::681c:aba is using cloudflare, but not

Maybe I should add it too?

Hi @fernandoch

the site uses Cloudflare:

Host T IP-Address is auth. ∑ Queries ∑ Timeout
A yes 1 0
A yes 1 0
AAAA 2606:4700:30::681c:aba yes
AAAA 2606:4700:30::681c:bba yes
A yes 1 0
A yes 1 0
AAAA 2606:4700:30::681c:aba yes
AAAA 2606:4700:30::681c:bba yes

But the Cloudflare certificate is a wildcard without the www-version:, O="CloudFlare, Inc.", 
L=San Francisco, S=CA, C=US
expires in 362 days,, * - 3 entries

www doesn't work:

SecureChannelFailure - The request was aborted: Could not create SSL/TLS secure channel.

No, sorry, both are like that

Hi @JuergenAuer

And do you know how to fix it?

These may be your internal ip addresses.

But your public ip addresses are etc.

If you want to use Cloudflare, you must have a complete certificate before you activate Cloudflare.

So first deactivate Cloudflare, so the 37.... is your public ip address. Then create a correct certificate, then activate Cloudflare.

Or use the Cloudflare - integrated solution.

A few hours ago I updated the page

and added a link to the Cloudflare blog @schoen had shared.

I had the complete certificate before activating cloudflare.

Maybe. But we can't check it. We see only Cloudflare.

Oh, wait. I can check it. But I need your complete ip.

Or check it directly using my tool -

Yesterday I added a new field - Hostname.

So it's possible to add the ip address in the main field and the hostname in the extra field.

Then you can check it without having a dns A- or AAAA entry.

So you need two checks: Both with the same ip address and one time the non-www, the other time the www domain name in the hostname field.

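The two checks described in the post above (same IP address, once with the non-www name and once with the www name as hostname) can also be scripted. This is an added example, not part of the original thread and not the code of the tool mentioned there; the `example.com` names are constructed placeholders because the thread's hostnames are not shown, and the function names are hypothetical.

```python
import socket
import ssl

def san_covers(pattern, host):
    """True if one certificate DNS name covers host (RFC 6125 style)."""
    p = pattern.lower().rstrip(".").split(".")
    h = host.lower().rstrip(".").split(".")
    if len(p) != len(h):
        return False              # a wildcard stands for exactly one label
    if p[0] == "*":
        return p[1:] == h[1:]     # "*.example.com" never covers "example.com"
    return p == h

def uncovered(sans, hosts):
    """Hostnames from hosts that no entry in sans covers."""
    return [h for h in hosts if not any(san_covers(s, h) for s in sans)]

def fetch_sans(ip, hostname, port=443, timeout=5):
    """Connect to ip, send hostname as SNI, return the certificate's DNS names.
    Returns None when the connection or TLS handshake fails."""
    ctx = ssl.create_default_context()
    ctx.check_hostname = False    # names are compared below; chain is still verified
    try:
        with socket.create_connection((ip, port), timeout=timeout) as sock:
            with ctx.wrap_socket(sock, server_hostname=hostname) as tls:
                cert = tls.getpeercert()
    except OSError:               # ssl.SSLError is a subclass of OSError
        return None
    return [v for k, v in cert.get("subjectAltName", ()) if k == "DNS"]

def check(ip, hostnames):
    """One check per hostname against the same ip, no DNS entry needed."""
    report = {}
    for name in hostnames:
        sans = fetch_sans(ip, name)
        if sans is None:
            report[name] = "handshake failed"
        elif uncovered(sans, [name]):
            report[name] = "not covered by: " + ", ".join(sans)
        else:
            report[name] = "covered"
    return report

if __name__ == "__main__":
    # Constructed certificate entries and hostnames, checked offline.
    sans = ["example.com", "*.example.com"]
    print(uncovered(sans, ["example.com", "www.example.com", "www.forum.example.com"]))
```

For a live check, call `check()` with the origin server's public IP address and both hostnames; "handshake failed" corresponds to the curl error 35 shown earlier in the thread.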

Just removed the certificate and created it again but now with cloudflare…

A bit lost in here, what to do? Should I remove cloudflare and stay without it?

Recheck the domain to see if it works -

You need to either disable Cloudflare’s proxy on or buy a Dedicated Certificate with Custom Hostname that matches that hostname from Cloudflare.

I will disable cloudflare from all the domain I guess…

With that what do we get?

The last check is one hour old - (that post Weird certificate problem - #7 by JuergenAuer ).

If you have changed your configuration, then you can recheck your domain.

But if I recheck, then what?

Is there a proper way to have a certificate with cloudflare? Or better to remove cloudflare?

The tool is only an online tool to see the configuration. Without too many manual checks.

There are a lot of websites using Cloudflare. But I don't know the details, I don't use Cloudflare. You can use it with your own working certificate. But then you first need a working configuration, then activate Cloudflare.

The thing is now I need to copy all the A records and everything manually back to namecheap…

Cloudflare copies them automatically the other way around…