Hacker News new | past | comments | ask | show | jobs | submit login

Your cert hasn't been issued yet. We are in the processing of issuing 2 million certs. You got a default cert that's sort of a 'catch all'. When that goes away your domain will have been issued a real cert.



Thanks for letting us know, just spent the past hour debugging this.

Perhaps get it in the FAQ so that when new users such as myself see the Error 525, we know to be patient?


Not trying to diminish the value of what you're doing, but, who gave you(Cloudflare) permission to issue SSL certificates for my domains, hypothetically speaking ofcourse? Shouldn't that be an opt-in process?


You did, when you delegated your domain to Cloudflare.


No, I didn't. I only gave them permission to act as nameservers for my domain(s). I don't even route my traffic trough cloudflare.


Faster man! Faster! :-)

Thanks for doing this - such an excellent initiative.


Since you ask so nicely I had your domain bumped up in the queue.


And now...

    $ curl -v https://dabr.eu
    * Adding handle: conn: 0x7faa1c000000
    * Adding handle: send: 0
    * Adding handle: recv: 0
    * Curl_addHandleToPipeline: length: 1
    * - Conn 0 (0x7faa1c000000) send_pipe: 1, recv_pipe: 0
    * About to connect() to dabr.eu port 443 (#0)
    *   Trying 104.28.21.97...
    * Connected to dabr.eu (104.28.21.97) port 443 (#0)
    * TLS 1.2 connection using TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256
    * Server certificate: sni10021.cloudflaressl.com
    * Server certificate: COMODO ECC Domain Validation Secure Server CA 2
    * Server certificate: COMODO ECC Certification Authority
    * Server certificate: AddTrust External CA Root
    > GET / HTTP/1.1
    > User-Agent: curl/7.30.0
    > Host: dabr.eu
    > Accept: */*


You guys rock :-)

Better start updating my servers so they don't redirect wildly.


Hi John,

I know Cloudflare will be announcing later today, but how will people be enabling Full SSL (Strict) with this new rollout?

I see these certs being issued out automatically are to subdomains at cloudflare. Will customers who want to enable Full SSL (Strict) be given the ability to enroll for another certificate for free that is issued to their Common Name via your site?

(Context from Cloudflare's announcement: " Later today we'll be publishing a blog with instructions on how to do that at no cost. Once you've installed a certificate on your web server, you can enable the Full or Strict SSL modes which encrypt origin traffic and provide a higher level of security.")


I would expect that they issue you a certificate signed by Cloudflare, which allows them to verify your server & encrypt the connection, but it would not be a trusted CA in users' browsers, but rather it would be trused by Cloudflare internally.


After a week (or maybe a little earlier, I didn't check every day) I finally got my certifications. Thank you! But actually the https is broken because of mixed-content, caused by cloudflare.

My page declare css in relative path, like inc/style.css. Via cloudflare it becomes absolute http url, like http://mydomain.com/inc/A.style.css.pagespeed.cf.5Dzr782jVo.....

This won't work in https. You should change it to //, or better yet kept the relative path. Thanks.


I assume all domains under an account will get SSL? I have around 20 domains under mine.




Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact

Search: