I keep getting error when I set up Origin Certificate


#1

Can anyone tell me why there is the error ERR_SSL_VERSION_OR_CIPHER_MISMATCH? I know there is a article “Why am I getting a SSL mismatch error?”, but I still don’t understand why mine doesn’t work.
I followed a tutorial here, and here is my Nginx config file:
server {
listen 443 ssl http2;
listen [::]:443 ssl http2;
ssl on;
ssl_certificate /etc/nginx/ssl/key_origin.pem;
ssl_certificate_key /etc/nginx/ssl/key_private.key;
server_name example.com;
location / {
proxy_pass http://localhost:8081;
proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection ‘upgrade’;
proxy_set_header Host $host;
proxy_cache_bypass $http_upgrade;
}
}

Also, some tutorials would add the following code:
ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
ssl_ciphers EECDH+CHACHA20:EECDH+AES128:RSA+AES128:EECDH+AES256:RSA+AES256:EECDH+3DES:RSA+3DES:!MD5;
ssl_prefer_server_ciphers on;

Do I need to add these or not?


#2

Is your record through Cloudflare :orange: or :grey:? On your crypto tab what is the status for your Universal SSL certificate?


#3

Thanks for the reply. It is an orange cloud (through Cloudflare), and right now the error has gone. However, there is another question about this: I set the validation date of origin certificate to 2033, but the date on the certificate serving my site is 2019? Is it normal or not?


#4

The Origin Certificate is signed by a CA that only Cloudflare’s CDN trusts. If the cert got to you or your user’s browser they wouldn’t trust it. The cert you see when you look at it through a proxied :orange: domain is maintained by Cloudflare and signed by comodo, digicert, or globalsign (unless you pay them to use a cert you provide).


#5

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.