Hello! I have a site that was working fine over SSL. The universal edge certificate expired 2 days ago and failed to update to the renewed cert displayed on the Edge Certificate webpage. The site is now having ERR_SSL_VERSION_OR_CIPHER_MISMATCH due to the expired cert.
Previously the site was working fine and kept having the auto renew problem when the cert expires.
I’ve followed all the common solutions I’ve seen in the community forum here to try and get the expired certificate removed and a new one issued. Nothing has worked.
What steps have you taken to resolve the issue?
Disabled Universal SSL, waited 15 minutes and re-enabled. Tried again waiting 2-3 hours before re-enabling. Didn’t work.
There should be only 2 nameservers, however you have a third nameserver called . which is an invalid nameserver value.
Since Universal SSL will require TXT validation when creating or renewing a certificate, the TXT validation record will be added to your nameserver by Cloudflare automatically (except when your domain uses Partial/CNAME setup, which is not the case here). The process may fail when the certificate authority (could be DigiCert, Google Trust Services or Let’s Encrypt) tries to validate if your domain nameserver contains a specific TXT record, but the CA checks against the . nameserver - which is an invalid one and definitely doesn’t contain the required TXT record, hence it fails.
Your origin’s certificate is expired for your site’s hostname. If you do not know how to resolve this, visit SSL/TLS > Origin Server and follow our deploy an origin CA certificate guide to get a free certificate to install on your origin and then set Full (Strict) as your SSL Setting here: SSL/TLS
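An added example (not part of the original thread and not Cloudflare's code) of the check behind the nameserver explanation above: it audits the NS set returned for a domain and flags values such as `.` that a certificate authority cannot query for the validation TXT record. The function names and the nameserver hostnames are assumptions constructed for illustration; substitute the two nameservers actually assigned to the zone.

```python
import re

# One hostname label: letters, digits, hyphens; no leading/trailing hyphen.
LABEL = re.compile(r"(?!-)[A-Za-z0-9-]{1,63}(?<!-)")

def is_valid_ns_target(name):
    """True if `name` is a usable nameserver hostname (not the root '.', not empty)."""
    stripped = name.strip().rstrip(".")
    if not stripped or len(stripped) > 253:
        return False  # "." reduces to an empty name: there is no server to ask
    labels = stripped.split(".")
    return len(labels) >= 2 and all(LABEL.fullmatch(l) for l in labels)

def audit_delegation(ns_records, assigned):
    """Compare the NS set seen in DNS with the nameservers assigned to the zone.

    Returns (severity, message) findings; an empty list means an exact match.
    """
    def norm(n):
        return n.strip().rstrip(".").lower()

    findings, seen = [], set()
    for raw in ns_records:
        if not is_valid_ns_target(raw):
            findings.append(("error", f"invalid NS value {raw.strip()!r}: a CA that "
                             "checks it will not find the validation TXT record"))
            continue
        seen.add(norm(raw))
    wanted = {norm(n) for n in assigned}
    for extra in sorted(seen - wanted):
        findings.append(("warn", f"unexpected nameserver {extra}"))
    for missing in sorted(wanted - seen):
        findings.append(("error", f"assigned nameserver {missing} not in delegation"))
    return findings

# Constructed sample: the lines `dig +short NS <domain>` would print for a zone
# in the state described in the thread (two real nameservers plus a stray ".").
SAMPLE_NS = ["ns-a.dns-provider.example.", "ns-b.dns-provider.example.", "."]
ASSIGNED = ["ns-a.dns-provider.example", "ns-b.dns-provider.example"]

if __name__ == "__main__":
    for severity, message in audit_delegation(SAMPLE_NS, ASSIGNED):
        print(f"[{severity}] {message}")
```

An empty result after the stray record is removed at the registrar means every nameserver a CA can pick is one that serves the TXT record.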