I keep getting a cipher mismatch error no matter what


#1

Hi there,

I’m using CloudFlare through DreamHost as an integrated partner for domain ecosourcellc.net. Status is currently marked as “active”. Under Crypto, there is no marker for Universal SSL Status, but that is not abnormal for DreamHost sites (other active and functional sites also do not have a marker to indicate Universal SSL Status under Crypto).

Domain is held with Network Solutions, though is pointing to DreamHost nameservers. There is no SSL certificate active with Network Solutions for the domain.

SSL certificate has been removed from the host (It was previously a Let’s Encrypt certificate which had the same issue as this one). Site is accessible via http, but yields “ERR_SSL_VERSION_OR_CIPHER_MISMATCH” when accessed via https. I have tried in the Crypto settings OFF, Flexible, Full, and Full (Strict), with none fixing this issue. DreamHost support has confirmed the HTTPS version of the site is accessible on their end, and said I needed to contact CloudFlare support.

Any ideas?


SSL error for a Dreamhost activated cloudflare account
#2

Have you seen this?


#3

Yes. Unfortunately I’ve been googling around about this for a couple of days. I can’t modify DNS records within CloudFlare due to it being a partner with DreamHost.

I am not using subdomains, so that scenario does not apply.

I can try restarting Universal SSL again and see if it helps any. Can’t hurt it anymore than it is.


#4

It’s working for me, though it has a bit of mixed content. It’s even reachable by this test, which identifies Mixed Content and other SSL issues:
https://www.whynopadlock.com/results/6690f197-f7ea-40fd-8f90-504fe7ff8fa2


#5

Aha! Disabling and re-enabling the Universal SSL seems to have cleared it up. Mixed content is to be expected for the moment since I had to disable the SSL initially to try to get this to work. What a silly fix.


#6

I have the some problem as elaluationunit and I’m hosted on dreamhost too. I try to disable and re-anable the Universal SSL but the problem persists.
Checked also for mixed content on whynopadlock and I haven’t any.
My solution is to have paused the site on cloudflare.
Do you have any other advise to try?
Thank you
PS disabling and re-enabling the Universal SSL works for a very short time and not on all the platforms I tested, this in my case


#7

Did you remove any SSL cert on the Dreamhost side? I had to do that first.


#8

No but if I remove the certificate how will give me a new one?
I have let’s encrypt on and according to dreamhost I have to set on CF strictly mode, I done this.


#9

Hi @borisdifiore, can you share the domain name?


#10

Cloudflare will provide an SSL cert if you don’t have one. Try removing your let’s encrypt cert and then turning universal ssl off then on again.


#11

@cloonan yes for sure
www.juliusk9greece.com
actually CF if paused


#12

@evaluationunit I would like to not do this because I don’t know how many time CF needs to release a new one and I need to have up and running the site. Really it is an error that can’t be explain without a try-error procedure?


#13

When I did it, CF was up in barely a manner of an hour or so. Perhaps do it at a time when you have less traffic? Although if you’re experiencing the cipher mismatch issue chances are people aren’t able to visit your site right now anyway.


#14

@evaluationunit People actually are able to visit because I paused CF so they go to dreamhost not to CF


#15

Hi found the solution with the CF help,

1 Resume cloudflare
2 Visit the site (you will see the error you were seeing)
3 On the Crypto tab, disable Universal SSL & wait 5 minutes
4 Enable Universal SSL, clear your browser cache, visit the site, let us know if you still see the error. Once the cert is issued, on the Crypto tab, you’ll see Active Certificate as opposed to Authorizing. It may take as long as 24 hours after you enable universal ssl for the certificate to be issued.

I leave this here in case somebody has the some problem. The certificate was released in less then 1 hr but the site was up an running without problem after I point 3 was completed.
:slight_smile:


#16

Those are the steps you described two days ago yourself and precisely what @domjh posted a week ago. How did this now make any difference compared to before?


#17

@sandro I have no idea why two days before was not working! I know those are the right steps, I applied them following the instructions and this was the reason why I search here and then opened a ticket. I wasn’t able to understand why it didn’t work even if I followed by the book the procedure.
How did I have no answer to give you now, but now it works and I’m grateful to CF support team and to CF community for the support and the advise they gave.


#18

The first time, Universal SSL was toggled while the site was paused.