Can't find any Universal Certificate getting error Cipher_mismatch

Hello,

When I enable “Proxy status” instead of DNS only, I get the error “SSL_ERROR_NO_CYPHER_OVERLAP” in Firefox and “ERR_SSL_VERSION_OR_CIPHER_MISMATCH” in Chrome.

This website is hosted at Siteground and I have a valid SSL certificate for each subdomain. Comparing the settings with other websites that are working fine with enabled proxy, I found that I don’t have any universal certificate listed in the “Edge Certificates”, I do have a backup certificate but not an Universal.

How can I issue/get a universal? Down in the page, at “Disable Universal SSL” it seams to be enabled because I have the option to disable it.

I already updated TLS since Siteground supports TLS 1.3, also revoked and regenerate the certificates but when I enable the proxy status at DNS management the websites goes down.

Can you please help me in solve this issue?

Thank you.

What is the domain?

Hi!
The domain is techy.pt

Your site (including SSL) is working ok for me, but the DNS records aren’t proxied so any SSL issues are on your origin server/host as requests are going direct there, and not through Cloudflare.

https://cf.sjr.org.uk/tools/check?362ad12d046a431ba29a3e6977f47ac8#dns

1 Like

Thank you for your help but if I enable proxy status the website won’t work, I think that is missing a Universal Certificate that should be listed in the Edge Certificates.

I’ve enabled now the proxy status, in a few moments it will be down again.

Leave the proxy on so it can be checked.

If you think Universal SSL is enabled, but not working, you can disable it, wait 2-3 minutes, then re-enable it again to see if that forces the certificate to be deployed.

[add] Can see it here, try disabling and re-enabling as above…
https://cf.sjr.org.uk/tools/check?7ae0603d722048a0bfd549fd3bd6190d#connection-server-https

Also make sure your SSL/TLS settings are “Full (strict)” here so SSL connections are made from Cloudflare to your origin…
https://dash.cloudflare.com/?to=/:account/:zone/ssl-tls

1 Like

Thank you! I disabled it, waited a few minutes and enabled it again. It’s pending validation! :sweat_smile:

I do have Full(strict) mode :+1:

Hoping that after validation process it will work fine. Thank you for your help and quick reply :slightly_smiling_face:

A certificate has just been issued, just wait for Cloudflare to deploy it…

[add] That was likely the backup certificate (maybe what was stuck), there is now a certificate active that was issued a bit earlier today from GTS…
https://cf.sjr.org.uk/tools/check?e512aeb5c61f44f992e772d46ddcc692#connection-server-https

All should now be good.

Yes! Everything is now working fine! Thank you!!

This topic was automatically closed 2 days after the last reply. New replies are no longer allowed.