No required SSL certificate was sent

I am the site owner of a WordPress eCommerce website at The site is SSL-only, uses a LetsEncrypt wildcard certificate, runs under HTTP Strict Transport Security (HSTS) and is currently preloaded in Google Chrome. Site media is pulled from remote S3 object storage (Wasabi) via a custom subdomain, and the whole site is on the Cloudflare CDN, with end-to-end encryption provided by a Cloudflare certificate.

What I’ve found so far is that if I clone the site to a new server and change the IP address the DNS points to, I end up with a secure connection to the new site which doesn’t load, shows an NginX “400 Bad Request” error, and “No required SSL certificate was sent”, which must be something to do with Cloudflare as the certificate its actually using is the server’s LetsEncrypt wildcard certificate.

What’s the workflow and correct step-wise process for migrating this site to a new server? And is that the same workflow/process to follow if I need to resize the server?

Does your zone have “Authenticated Origin Pulls” enabled in SSL/TLS -> Origin Server? It sounds like your server is expecting a certificate in the request.

Yes it was on. Now its off and the problem remains. I think you’re right about expecting a cert its not getting, but where in the chain is it missing from?

You may just want to turn that off at the server. Or fix the certificate that’s supposed to be on the server.

I turned it off and left it off, but the problem is still there.
As far as I know I have copied all of the certificates to the new server.
How do I work out which certificate it wants and is not getting?

This topic was automatically closed after 31 days. New replies are no longer allowed.