Error SSL version or cipher mismatch AWS Lightsail install

Hello,
I have searched the forums and nothing has helped me resolve it and it seems to be a recurring problem.

What I have set up:

Amazon Lightsail with Wordpress so Bitnami install
I generated the SSL using /opt/bitnami/bncert-tool

Everything works 100% and I have an existing domain on the main domain, this is a subdomain to test the same site on a different setup.

The only snagging bit is when I turn on CloudFlare I get the error: ERR_SSL_VERSION_OR_CIPHER_MISMATCH

What I have noticed is that it is actually working on the subdomain without www.

https://subdomain.domain.com This is working.
https://www.subdomain.domain.com This gives the error

All CloudFlare setups are correct, SSL issued the Universal so nothing wrong on the main site, it’s just this subdomain on a different server but only the www. Both certificates are set up correctly on the server itself as it works with CloudFlare off (grey cloud).

TLS/SSL is set to FULL in CloudFlare.

I have also re-done the install without any redirects set up during SSL generation and still an error with www.

Second question is about renewal of the certificate.

SSL renewal will also fail on the server, I assume, as with CloudFlare on the IP is not correct, so how do we renew the SSL with Let’s Encrypt without having to manually turn CloudFlare off on the domain, renew it and then turn it on?

Thank you for any help in advance.

That should be “Full strict” 🙂

Thank you Sandro.

As I sent that, my eyes fell on the statement, so in summary: CloudFlare Universal SSL does not cover www.subdomain.domain.com but only subdomain.domain.com (without www or extra subdomain level).

How do I set up auto-renewal on the domain to make sure it renews without having to manually do it and turn off CloudFlare every time to do it? The server is going to say the IP is not the same.
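
The coverage rule summarised in the post above, as an added example that is not part of the original thread: a wildcard entry in a certificate stands for exactly one DNS label, so a certificate for the zone apex plus `*.domain.com` covers `subdomain.domain.com` but not `www.subdomain.domain.com`. The SAN list is constructed and assumes an edge certificate of that shape; the function names are hypothetical.

```python
# Added example: hostname-to-certificate matching with single-label wildcards
# (the rule browsers apply, per RFC 6125). Not code from the thread.

# Constructed SAN list; assumes a certificate issued for the zone apex plus
# one wildcard level, using the placeholder names from the posts above.
SANS = ["domain.com", "*.domain.com"]


def san_matches(hostname: str, san: str) -> bool:
    """Return True if a single SAN dNSName entry covers hostname."""
    host = hostname.lower().rstrip(".").split(".")
    name = san.lower().rstrip(".").split(".")
    # A wildcard replaces exactly one label, so label counts must be equal.
    if len(host) != len(name):
        return False
    if name[0] == "*":
        # Only a whole left-most label may be a wildcard, and never directly
        # above a top-level domain (e.g. "*.com" is refused).
        return len(name) > 2 and host[0] != "" and host[1:] == name[1:]
    return host == name


def covering_sans(hostname: str, sans: list[str]) -> list[str]:
    """List every SAN entry that covers hostname (empty list = not covered)."""
    return [s for s in sans if san_matches(hostname, s)]


def names_that_would_cover(hostname: str, sans: list[str]) -> list[str]:
    """If hostname is not covered, return the names a certificate would need."""
    if covering_sans(hostname, sans):
        return []
    parent = hostname.split(".", 1)[1]
    return [hostname, "*." + parent]


if __name__ == "__main__":
    for h in ("domain.com", "subdomain.domain.com", "www.subdomain.domain.com"):
        hits = covering_sans(h, SANS)
        print(f"{h:28} covered by {hits}" if hits
              else f"{h:28} NOT covered; needs one of {names_that_would_cover(h, SANS)}")
```
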

Do you mean if you order the certificate or the domain itself? hangry.recipes is currently not registered with Cloudflare so the renewal has to happen with your registrar.
