Aaaargh SSL problems setting up a site already using a Let’s Encrypt cert


#1

Hi all,
Have had my site under attack today, webhost (Servint) suggested enabling Cloudflare which I’ve done, but not able to access the site due to:

This site can’t provide a secure connection
www.neckdiagrams.com uses an unsupported protocol.
ERR_SSL_VERSION_OR_CIPHER_MISMATCH

My site is set up with a Let’s Encrypt cert. I’m using a free Cloudflare account. Will Universal SSL work like this?

Cloudflare config:

Security level: high
SSL: Full
Universal SSL Status Active Certificate
There’s an Edge Certificate present (neckdiagrams.com, *.neckdiagrams.com (2 hosts))
Origin Certificates says “No certificates” - but I’ve been using my own Let’s Encrypt

I’ve tried the various SSL options (flexible, full strict, etc) but none make any difference. Presumably the change is instant and I don’t need to wait for anything to propagate.

Is there any other config I need to adjust, or is a paid plan required in this scenario?!

Really appreciate any help, site’s been down since last night (UK time) so getting kinda stressed :wink:

Thanks!
Justin


#2

It sounds like you’re on the right path. Right now, you’re bypassing Cloudflare for your website. That error is usually when the Cloudflare certificate is not Active, but you say it is.

Origin Certificates is if you want to whip up a Cloudflare certificate for your server. You don’t need to since you already have one from Let’s Encrypt.

Your SSL setting should be Full (Strict).

Can you re-enable Cloudflare so we can take another look?


#3

My first post was being moderated so I decided to switch off Cloudflare for the time being so the site is at least accessible until I can figure out what’s up with the config (and get some better sleep!)

I can enable Cloudflare again once you reply, as it’ll take the site down… In the meantime below are screenshots of the config.

Thanks!

[Screenshot of Cloudflare config]


#4

[Screenshot of Cloudflare config]


#5

[Screenshot of Cloudflare config]


#6

Hi, nearly two weeks now & no response…

I’m only going to re-enable Cloudflare when there’s someone around to look into this as enabling it makes the site inaccessible which obviously I don’t want to do for an extended period of time!


#7

I see you’re still using Cloudflare’s name servers, so that’s good. Now try to reset your SSL certificate:

On the Cloudflare Crypto page, go to the very bottom and click “Disable Universal SSL”
Wait 5 or so minutes to make sure it’s deleted.
Go back to the bottom of the Crypto page and click “Enable Universal SSL”
Wait for Active Certificate.
Re-enable site in DNS.

If that doesn’t work, open a Support ticket: support AT cloudflare DOT com