Persistent ERR_SSL_VERSION_OR_CIPHER_MISMATCH Error with Certificate

I am reaching out regarding an issue that I have been facing with my website, hetjongerenrecht.nl, and another domain of mine. About three weeks ago, I tried to add hetjongerenrecht.nl to Cloudflare, but I received the following error message when trying to connect to the domain: ERR_SSL_VERSION_OR_CIPHER_MISMATCH.

Upon checking my Edge certificate, I found that it was pending. After some time it said the status was timed out. Even after three weeks, I was still receiving the same error message when trying to connect to my website. Frustrated, I decided to remove my site from that Cloudflare account and added it to a new one (the one I am currently contacting you from).

However, the issue still persists, and I am still receiving the same ERR_SSL_VERSION_OR_CIPHER_MISMATCH error message. I am unsure what to do to resolve this issue and would appreciate any assistance or guidance that any of you could provide me with.

Thank you in advance for your help.

Can someone please help me, I also contacted Cloudflare, but they are not responding.

Can you pause Cloudflare for starters?

Yes, I paused Cloudflare, what should I do next?

Next step would be to secure the server, as you do not have a valid certificate installed right now.

If your host does not provide that, you can also get an Origin certificate.

Also make sure your encryption mode on Cloudflare is Full Strict, otherwise SSL is not properly applied.

Thank you for your response. I do not know how to secure my server, the domain is pointing to a WordPress website that used DirectAdmin. I decided to try and install an Origin certificate. What I did was create an Origin certificate and then I pasted the private key and the certificate into DirectAdmin (under SSL certificates > Paste a pre-generated certificate and key). I hope this is what I was supposed to do, if not, I would really appreciate any further assistance. Am I now supposed to disable Edge certificates? I will now give it some time.

What you did was absolutely spot on and your site should be secure now.

Next, two things: verifying the encryption mode and fixing DNS

Is your encryption mode Full Strict?

Hello sandro, thank you for your quick response. The proxy status of my two A-records are both proxied (orange clouds), if that is what you mean by verifying the encryption mode. Both A-records are pointed to the right server. Also, my encryption mode is now on Full (strict).

Excellent, HTTP-wise your site is now secure.

What you need to do next is disable DNSSEC at your registrar (or set the values provided by Cloudflare).

I have disabled DNSSEC from my domain name hosting.

With registrar, do you mean the company I registered my domain name? Because I disabled DNSSEC there.

Correct, and yes it appears to be disabled but it is still announced, it may take a bit.

Perfect! Yes it probably takes some time. When connecting to my site I now get “HTTP ERROR 502”. After giving it a quick search, the internet told me this: “A 502 bad gateway message indicates that one server got an invalid response from another. In essence, you’ve connected with some kind of interim device (like an edge server) that should fetch all of the bits you need to load the page.” Can this error be a result of the DNSSEC still being announced? Or can this error be created because I still have Universal SSL enabled in Cloudflare?

Currently your site loads fine, so the 502 may have been an intermittent problem.

There were actually quite a few issues: you had no SSL certificate, your DNSSEC configuration was incorrect, and the proxy certificate was not issued.

Simply wait until your registry has really dropped DNSSEC. You can check that at DNS Checker - DNS Check Propagation Tool

I will do. Thank you a lot for your help!

DNSSEC has been dropped. I’d now disable Universal SSL on Cloudflare’s side, wait 30 minutes, and enable it again.

Did what you told me to do and it indeed works perfectly now! Thank you so much for helping me out!
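Added example, not part of the thread: a Python sketch of the "disabled but still announced" DNSSEC check discussed above, which classifies the delegation by comparing the key tags in the parent's DS records with the key tags of the zone's DNSKEY records (RFC 4034, Appendix B). The function names are hypothetical, the sample records are constructed, and the inputs are assumed to be the text output of `dig +short DS <domain>` and `dig +short DNSKEY <domain>`.

```python
import base64

def key_tag(flags, protocol, algorithm, pubkey_b64):
    """RFC 4034 Appendix B key tag over the DNSKEY RDATA (not valid for algorithm 1)."""
    rdata = (flags.to_bytes(2, "big") + bytes([protocol, algorithm])
             + base64.b64decode(pubkey_b64))
    acc = 0
    for i, byte in enumerate(rdata):
        acc += byte if i & 1 else byte << 8   # odd octets low, even octets high
    acc += (acc >> 16) & 0xFFFF
    return acc & 0xFFFF

def parse_ds(text):
    """Key tags from DS lines: '<key-tag> <alg> <digest-type> <digest>'."""
    return {int(line.split()[0]) for line in text.splitlines() if line.strip()}

def parse_dnskey(text):
    """Key tags from DNSKEY lines: '<flags> <proto> <alg> <base64, may contain spaces>'."""
    tags = set()
    for line in text.splitlines():
        parts = line.split()
        if len(parts) >= 4:
            tags.add(key_tag(int(parts[0]), int(parts[1]), int(parts[2]),
                             "".join(parts[3:])))
    return tags

def dnssec_state(ds_text, dnskey_text):
    """Classify the delegation. Only key tags are compared; DS digests are not verified."""
    ds, keys = parse_ds(ds_text), parse_dnskey(dnskey_text)
    if not ds:
        return "unsigned-delegation"   # registry has dropped the DS: nothing to validate
    if not keys:
        return "stale-ds-no-dnskey"    # DS still announced, zone serves no keys
    if ds & keys:
        return "chain-ok"              # at least one DS points at a served key
    return "stale-ds-mismatch"         # DS points at a key the zone no longer serves

# Constructed sample: a DS with key tag 1038 and a placeholder digest.
SAMPLE_DS = "1038 13 2 " + "00" * 32

if __name__ == "__main__":
    print(dnssec_state(SAMPLE_DS, ""))               # state while the DS was still announced
    print(dnssec_state("", ""))                      # state after the registry dropped it
    print(dnssec_state(SAMPLE_DS, "257 3 13 AAAA"))  # matching constructed key
```

Both `stale-ds-*` results mean validating resolvers will refuse to resolve the domain until the registry removes the DS record or it is replaced with the values for the zone's current keys.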