I keep getting error when I set up Origin Certificate

Can anyone tell me why there is the error ERR_SSL_VERSION_OR_CIPHER_MISMATCH? I know there is a article “Why am I getting a SSL mismatch error?”, but I still don’t understand why mine doesn’t work.
I followed a tutorial [here](https://kb.virtubox.net/Help Center/Cloudflare-ssl-origin-certificates-nginx/), and here is my Nginx config file:
server {
listen 443 ssl http2;
listen [::]:443 ssl http2;
ssl on;
ssl_certificate /etc/nginx/ssl/key_origin.pem;
ssl_certificate_key /etc/nginx/ssl/key_private.key;
server_name example.com;
location / {
proxy_pass http://localhost:8081;
proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection ‘upgrade’;
proxy_set_header Host $host;
proxy_cache_bypass $http_upgrade;
}
}

Also, some tutorials would add the following code:
ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
ssl_ciphers EECDH+CHACHA20:EECDH+AES128:RSA+AES128:EECDH+AES256:RSA+AES256:EECDH+3DES:RSA+3DES:!MD5;
ssl_prefer_server_ciphers on;

Do I need to add these or not?

Is your record through Cloudflare :orange: or :grey:? On your SSL/TLS app what is the status for your Universal SSL certificate?

Thanks for the reply. It is an orange cloud (through Cloudflare), and right now the error has gone. However, there is another question about this: I set the validation date of origin certificate to 2033, but the date on the certificate serving my site is 2019? Is it normal or not?

The Origin Certificate is signed by a CA that only Cloudflare’s CDN trusts. If the cert got to you or your user’s browser they wouldn’t trust it. The cert you see when you look at it through a proxied :orange: domain is maintained by Cloudflare and signed by comodo, digicert, or globalsign (unless you pay them to use a cert you provide).

1 Like

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.