ERR SSL VERSION OR CIPHER MISMATCH on second level wildcard certificate at origin

Hey Cloudflare Community,

We just stumbled upon an issue where we have a wildcard certificate under a subdomain, which seems to have issues with Cloudflare not being able to provide SSL ciphers.

We’re getting this message in Chrome and Edge, and a similar one in Firefox:

ERR_SSL_VERSION_OR_CIPHER_MISMATCH

The site is like this:
first.second.name.io

And the wildcard certificate from Let’s Encrypt is for *.second.name.io.

Disabling the Cloudflare proxy and directly exposing the origin server seems to work fine. It’s hosted in an Azure App Service, and SSL Labs doesn’t seem to find any issues with it.

Do you have any ideas? Looking forward to getting your feedback!

Best regards
Georg {redacted}

Here we go.

Hey @sandro, thank you very much for the quick response!

That was an easy fix 😀 We’ve used the Advanced Certificate Manager and created a custom wildcard certificate.

I’m not sure if it’s the right place here, but a notification in the UI would be great - I think that’s something that could be easily checked by Cloudflare, and it’s cheap and easy to buy, so probably a win-win for everyone.

Thanks again!

Best regards
Georg Dangl

No worries 🙂

You can post a thread at #feedback:feature-request.
