Can't order an auto-renewing certificate

What is the name of the domain?

dii.dn.ua

What is the error message?

ERR_SSL_VERSION_OR_CIPHER_MISMATCH

What is the issue you’re encountering?

The site does not work when proxied by Cloudflare

What steps have you taken to resolve the issue?

We tried to order an auto-renewing certificate, but the “Next” button is not active.

Was the site working with SSL prior to adding it to Cloudflare?

Yes

What is the current SSL/TLS setting?

Full

Screenshot of the error

You don’t need to order Universal SSL, it is the default option which is why the next button is not active in your screenshot.

The DNS records for your domain dii.dn.ua are not proxied so those requests are going direct to your origin and won’t use the Cloudflare SSL.

For www.dii.dn.ua, it seems the certificate hasn’t been generated.
https://cf.sjr.org.uk/tools/check?9120ae5d85e743f48f399195a45298f5#connection-server-https

Make sure Universal SSL is enabled at the bottom of this page in your dashboard…
https://dash.cloudflare.com/?to=/:account/dii.dn.ua/ssl-tls/edge-certificates

If it is enabled, try disabling it, wait 2-3 minutes, then re-enable it again.

Also check your SSL/TLS setting is set to “Full (strict)” or “Strict” in your dashboard here…
https://dash.cloudflare.com/?to=/:account/:zone/ssl-tls
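
A small diagnostic for the two states described in the reply above (a DNS-only hostname answered by the origin, and a proxied hostname with no edge certificate), added here as an example that is not part of the original thread. The IP range snapshot and the function names `is_proxied`, `classify` and `probe` are assumptions of this example.

```python
import ipaddress
import socket
import ssl
import sys

# Snapshot of Cloudflare's published IPv4 ranges (https://www.cloudflare.com/ips/).
# Assumption of this example: refresh the list before relying on it. IPv4 only.
CLOUDFLARE_V4 = [ipaddress.ip_network(n) for n in (
    "173.245.48.0/20", "103.21.244.0/22", "103.22.200.0/22", "103.31.4.0/22",
    "141.101.64.0/18", "108.162.192.0/18", "190.93.240.0/20", "188.114.96.0/20",
    "197.234.240.0/22", "198.41.128.0/17", "162.158.0.0/15", "104.16.0.0/13",
    "104.24.0.0/14", "172.64.0.0/13", "131.0.72.0/22")]


def is_proxied(ip):
    """True if the address belongs to Cloudflare, i.e. the DNS record is proxied."""
    addr = ipaddress.ip_address(ip)
    return any(addr in net for net in CLOUDFLARE_V4)


def classify(ip, handshake):
    """handshake: 'ok', 'alert' (TLS handshake rejected) or 'untrusted'."""
    if not is_proxied(ip):
        # Requests go straight to the origin; the edge certificate is not used.
        return "dns-only"
    return {"ok": "proxied-cert-ok",
            # Matches the cipher-mismatch errors reported in this thread.
            "alert": "proxied-no-edge-cert",
            "untrusted": "proxied-cert-invalid"}[handshake]


def probe(host, port=443, timeout=5):
    """Resolve host, attempt a verified TLS handshake, return (ip, verdict)."""
    ip = socket.gethostbyname(host)
    try:
        with socket.create_connection((ip, port), timeout=timeout) as raw:
            ctx = ssl.create_default_context()
            with ctx.wrap_socket(raw, server_hostname=host):
                return ip, classify(ip, "ok")
    except ssl.SSLCertVerificationError:
        return ip, classify(ip, "untrusted")
    except ssl.SSLError:
        return ip, classify(ip, "alert")


if __name__ == "__main__":
    for host in sys.argv[1:]:
        print(host, *probe(host))
```

Run it with both the apex and the `www` hostname as arguments to see which of the two states each one is in.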

Thanks for the reply!

Yes! We must disable proxying, otherwise we get an error:


Secure Connection Failed

An error occurred during a connection to www.dii.dn.ua. Cannot communicate securely with peer: no common encryption algorithm(s).

Error code: SSL_ERROR_NO_CYPHER_OVERLAP


Universal SSL is enabled.

Also changed “Full” to “Full (strict)”

Only Type=Backup

I’ll try this in the evening, since the site should be up and running now.

I tried this, it didn’t help.
There is only one certificate in the backup status in the list of Edge certificates.
On the second domain in the same account, I see two certificates, one in the active status (universal type), the second in the backup status, issued backup type.
I tried to switch Universal SSL On/Off, both with proxy enabled and disabled, and waited 10 minutes. After turning it on, the universal certificate did not appear.
At this point, proxying is enabled on www.dii.dn.ua, proxying is disabled on dii.dn.ua.
A 301 redirect to https://dii.dn.ua is configured from the domain www.dii.dn.ua, but it does not work because the browser cannot establish an SSL connection.

https://cf.sjr.org.uk/tools/check?9120ae5d85e743f48f399195a45298f5

Any ideas?

Today I completely removed the domain dii.dn.ua from Cloudflare for a few hours, then added it back to Cloudflare, as a result even the backup certificate disappeared.
I disabled proxying and Universal SSL for 15 minutes, then I enabled proxying and Universal SSL again - nothing helped.

Can anyone help?

Resolved by creating a new account and moving all domains under the new account.
