Cloudflare Docs
SSL/TLS
SSL/TLS
Visit SSL/TLS on GitHub
Set theme to dark (⇧+D)

Error messages

To help avoid ERR_SSL_VERSION_OR_CIPHER_MISMATCH errors, Cloudflare automatically shows an error message - This hostname is not covered by a certificate - on proxied DNS records not covered by a TLS certificate.

​​ Pending domains

If you recently added your domain to Cloudflare - meaning that your zone is in a pending state - you can often ignore this warning.

Once most domains becomes Active, Cloudflare will automatically issue a Universal SSL certificate, which will provide SSL/TLS coverage and remove the warning message.

​​ Active domains

If your zone is already active on Cloudflare, this warning identifies subdomains that are not covered by your current SSL/TLS certificate.

By default, Cloudflare Universal SSL certificates only cover your root domain and one level of subdomain.

HostnameCovered by Universal certificate?
example.comYes
www.example.comYes
docs.example.comYes
dev.docs.example.comNo
test.dev.api.example.comNo

To prevent insecure connections on a multi-level subdomain, do one of the following:

If none of these solutions work, you could also remove the multi-level subdomain.