Dreamhost with Cloudflare: SSL_ERROR_NO_CYPHER_OVERLAP error

Site was working yesterday, now today that error is occurring. When I look at the CF certificate for this site, I see

I have a letsencrypt cert at dreamhost; is this because it’s not propagated to Cloudflare yet? Seems that the CF universal certificate should be showing up here.

I’m a little over my head here, but willing to try anything.

What’s the domain? You can use ` marks to prevent auto-linking the domain name.

The domain is spencerridleyvoiceover(dot)com
And I’m sorry, but I’m unclear how auto-linking the domain helps. I’m a bit over my head at this point.

The site loads fine for me, with no SSL error.

I see a new LetsEncrypt SSL certificate was issued yesterday 30th September at 6:34pm. So perhaps the problem is resolved already?

The domain was removed from Cloudflare. I guess the OP used cached DNS entries when he saw the SSL error, while Cloudflare had already deleted the certificate.

spencerridleyvoiceover.com. 172800 IN   NS      ns1.dreamhost.com.
spencerridleyvoiceover.com. 172800 IN   NS      ns2.dreamhost.com.
spencerridleyvoiceover.com. 172800 IN   NS      ns3.dreamhost.com.
;; Received 167 bytes from 2001:501:b1f9::30#53(m.gtld-servers.net) in 28 ms

spencerridleyvoiceover.com. 300 IN      A       66.33.205.13
;; Received 71 bytes from 162.159.27.84#53(ns3.dreamhost.com) in 120 ms

@ridley.eric , if you did not remove the site from Cloudflare yourself, you should probably find out who did.
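An added example, not part of any post in this thread: a small parser for `dig` answer lines like the ones above that reports whether the zone is delegated to Cloudflare nameservers and whether the A records land on Cloudflare's edge, which is what decides whose certificate a visitor sees. The IPv4 ranges are an assumption copied from Cloudflare's published list and should be refreshed before use; the second sample is constructed.

```python
import ipaddress

# Assumption: Cloudflare's published IPv4 edge ranges; refresh from their list before use.
CLOUDFLARE_V4 = [ipaddress.ip_network(n) for n in (
    "173.245.48.0/20", "103.21.244.0/22", "103.22.200.0/22", "103.31.4.0/22",
    "141.101.64.0/18", "108.162.192.0/18", "190.93.240.0/20", "188.114.96.0/20",
    "197.234.240.0/22", "198.41.128.0/17", "162.158.0.0/15", "104.16.0.0/13",
    "104.24.0.0/14", "172.64.0.0/13", "131.0.72.0/22",
)]

def parse_dig(text):
    """Return (ns_hosts, a_addrs) from dig answer lines; ';;' comment lines are skipped."""
    ns, addrs = [], []
    for line in text.splitlines():
        fields = line.split()
        if line.startswith(";") or len(fields) < 5 or fields[2] != "IN":
            continue
        rtype, rdata = fields[3], fields[4]
        if rtype == "NS":
            ns.append(rdata.rstrip(".").lower())
        elif rtype == "A":
            addrs.append(ipaddress.ip_address(rdata))
    return ns, addrs

def classify(text):
    """Delegation and proxy status are independent: a partial setup keeps
    third-party nameservers yet can still resolve to the Cloudflare edge."""
    ns, addrs = parse_dig(text)
    return {
        "delegated_to_cloudflare": any(h.endswith(".ns.cloudflare.com") for h in ns),
        "proxied": bool(addrs) and all(
            any(a in net for net in CLOUDFLARE_V4) for a in addrs),
    }

# Output quoted in the thread above.
THREAD_DIG = """\
spencerridleyvoiceover.com. 172800 IN   NS      ns1.dreamhost.com.
spencerridleyvoiceover.com. 172800 IN   NS      ns2.dreamhost.com.
spencerridleyvoiceover.com. 172800 IN   NS      ns3.dreamhost.com.
;; Received 167 bytes from 2001:501:b1f9::30#53(m.gtld-servers.net) in 28 ms

spencerridleyvoiceover.com. 300 IN      A       66.33.205.13
;; Received 71 bytes from 162.159.27.84#53(ns3.dreamhost.com) in 120 ms
"""
# Constructed sample: same delegation, but the A record is inside a Cloudflare range.
CONSTRUCTED_PROXIED = THREAD_DIG.replace("66.33.205.13", "104.21.0.10")

if __name__ == "__main__":
    print(classify(THREAD_DIG))
    print(classify(CONSTRUCTED_PROXIED))
```

When `proxied` is false the browser is talking to the origin and sees the origin's certificate; when it is true the browser sees Cloudflare's edge certificate regardless of where the nameservers are.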

It’s loading because I’m bypassing cloudflare until I solve this problem. If I turn CF back on the site immediately fails to resolve again.

What’s odd is that I had no trouble at all with this site until yesterday. Then without making any changes at all, this happened. It’s not occurring to any of my other sites which are loading through Cloudflare.

Thanks, that’s a really good look at it. It was me who removed it from Cloudflare to try to diagnose the problem. If I put it back in, the problem immediately reappears. The only thing I can come up with is that I can’t get a universal certificate to show up, the button to accept Cloudflare’s universal cert is grayed out, and DreamHost’s Let’s Encrypt cert is not propagating out to Cloudflare.

I’m still stumped, appreciate any help at all.

The certificate on your origin server never will “propagate out” to the Cloudflare edge. That’s not how it works. Your origin certificates are used to encrypt communication between your origin server and Cloudflare when proxied, or your origin server and your visitors when they are directly accessing your origin server.

As long as your nameservers are with another provider, there isn’t anything to be done. If you move your domain back to Cloudflare and encounter issues, you don’t need to change your nameservers to bypass the Cloudflare proxy. You can set the relevant records to DNS Only or pause Cloudflare.

Thanks, that helps me understand a bit, but I’m still confused.

So cloudflare is paused because I haven’t been able to diagnose the SSL issue which popped up. The universal cert is not displaying on my cloudflare control panel, and the option to add it is greyed out.

Not exactly, paused is a setting on the overview page of the cloudflare dashboard. Your site is no longer using cloudflare. Oh, and I just checked, it looks like you also did pause cloudflare prior to changing the nameservers away.

I haven’t changed my nameservers in years, but two days ago this site began failing to resolve. No changes on our end.

Thank you, that helps. You’re on a partial partner setup. In that type of setup, nameservers are not changed to cloudflare. If you unpause the site from your cloudflare dashboard, is that when the cypher overlap error happens?

Yes, that’s when the error happens.
