Community Tip - Fixing SSL ERROR NO CYPHER OVERLAP in Mozilla

Error
Try the suggestions in this Community Tip to help you fix SSL ERROR NO CYPHER OVERLAP in Mozilla.

Background
A website using HTTPS performs a series of steps between the browser and the web server to ensure the certificate and SSL/TLS connection are valid. These include a TLS handshake, the certificate being checked against the certificate authority, and decryption of the certificate. If Mozilla detects an issue, it might display “SSL_ERROR_NO_CYPHER_OVERLAP”, which prevents access to the site.


Quick Fix Ideas

  1. Grey-cloud/deactivate Cloudflare so that the website uses the origin’s SSL certificate.

  2. Re-start the process:
  • Go to the SSL/TLS app on your Cloudflare dashboard and scroll down to the bottom
  • Click Disable Universal SSL
  • Wait for a few minutes, then click Enable Universal SSL

  3. PATCH the validation method with the API using https://api.cloudflare.com/#ssl-verification-edit-ssl-certificate-pack-validation-method.

  4. Follow the Apex Validation steps here.

  5. Understand how the certificate works.
    Certificates will only cover a single level of subdomains (*.example.com, but not *.*.example.com):

  • Will work - www.example.com
  • Will work - example.com
  • Will work - test.example.com
  • Will NOT work - www.test.example.com
  • Will NOT work - staging.www.example.com

  6. Wait 24 hours; in most cases, this is just a timing issue. Check whether you have an active SSL certificate under the SSL/TLS app. If it says “Initializing Certificate”, wait until you see Active Certificate. Pause Cloudflare in the meantime.
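
The single-level coverage rule under “Understand how the certificate works” can be checked before a hostname goes live. The script below is an added example, not Cloudflare code; it assumes the certificate names the zone apex plus one wildcard level (as the list above implies), and the function names are hypothetical.

```python
"""Check which hostnames a single-level wildcard certificate covers."""


def san_matches(hostname: str, san: str) -> bool:
    """Match one hostname against one certificate name (SAN entry).

    A wildcard is honoured only as the entire left-most label and stands
    for exactly one label, so *.example.com never matches a.b.example.com.
    """
    host = hostname.rstrip(".").lower().split(".")
    pattern = san.rstrip(".").lower().split(".")
    if len(host) != len(pattern) or "" in host:
        return False
    if pattern[0] == "*":
        return host[1:] == pattern[1:]
    return host == pattern


def universal_sans(zone: str) -> list[str]:
    # Assumption taken from the list above: the certificate names the
    # apex and one wildcard level beneath it.
    zone = zone.rstrip(".").lower()
    return [zone, "*." + zone]


def audit(zone: str, hostnames: list[str]) -> dict[str, bool]:
    """Map each hostname to True if the zone's certificate covers it."""
    sans = universal_sans(zone)
    return {h: any(san_matches(h, s) for s in sans) for h in hostnames}


# Constructed sample input: the hostnames from the list above.
SAMPLE = [
    "www.example.com", "example.com", "test.example.com",
    "www.test.example.com", "staging.www.example.com",
]

if __name__ == "__main__":
    for name, covered in audit("example.com", SAMPLE).items():
        print(f"{'covered    ' if covered else 'NOT covered'}  {name}")
```

Hostnames reported as not covered are the ones that need a certificate spanning more than one subdomain level.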

Lite Reading
https://support.cloudflare.com/hc/en-us/articles/200170566-Why-isn-t-SSL-working-for-my-site-

Community Tutorial

Background Resources
Help Center
Learning Center
YouTube

Research The Issue
Community
Google

Security Option
If you need a deeper subdomain with HTTPS, such as www.subdomain.example.com, consider Advanced Certificate Manager, which lets you cover more than one level of subdomain, remove Cloudflare branding from the Universal certificate, or adjust the shortest certificate lifespan.

If You Need More Help
This community of other Cloudflare users may be able to assist you. Log in to Cloudflare and post your question to the Community. When you post on the Community, make sure to include as much of this information as possible: the specific error message you are seeing, the URLs this is happening on, a screenshot of the error, and the steps to reproduce the error. Please indicate what troubleshooting steps you’ve tried in order to help us help you.

Expert Comments Appreciated
This Community Tip will remain open for input from Community experts and those familiar with this issue. We really appreciate comments that start with words like: “The three things I always try”, or “Do this first” or “In my experience”.

This is a Cloudflare Community Tip, to review other tips click here.
