Problem SSL


#1

Hello,

I have a error in my website ( ERR_SSL_VERSION_OR_CIPHER_MISMATCH ), in my vps in ovh i have a certificat SSL letsencrypt. I have checked Full (strict) in Cloudflare page Crypto.

Thanks


#2

Hi @arnaud.doub have a look at this.


and


#3

I used letsencrypt for about 6 months until renewing the certificates every 90 days became quite labour intensive based on how many clients were involved. This was not really because it wasn’t easy (not to mention free), we started testing using the Cloudflare generated certs and applying them on our NGINX and PHP7 Ubuntu (16.04) machines. These servers proved out during testing (and the subsequent upgrade of all our client machines/VPS). This is far easier (and also free) for end to end (origin) encryption using ciphers (EECDH+CHACHA20:EECDH+AES128:RSA+AES128:EECDH+AES256:RSA+AES256:EECDH+3DES:RSA+3DES:!MD5) and the TLSv1 TLSv1.1 TLSv1.2 protocols (see image). You can try this “live” and switch back at any time.

We developed a python plugin for the Ajenti server control panel to onboard clients to Cloudflare (still under development) and the SSL interface is pretty sweet (standard, not part of our plugin).

Just go to the crypto tab in you Cloudflare panel and Generate a free TLS certificate signed by Cloudflare to install on your origin server. (make sure you copy them to a text editor in real time, or directly into each pem file as they will have to be regenerated if you don’t have them after closing the tool in Cloudflare.

The really sweet part is the expiry (15 years) and if you want to redo them anytime, rinse & repeat.


#4

Hi, i read that i have to wait 24 hours to activate ssl. I added a certificate on my hosting and redirect htaccess. cludflare block my site. If i pause service and resume after 24 hours ssl will be enable or i have to leave enable (site down)?


#5

Hi, over 30 hours ago, I ordered a free SSL plan for my URL and I exchanged the nameservers at Namecheap to the ones, I got from Cloudflare.

But I still get the message “ERR_SSL_VERSION_OR_CIPHER_MISMATCH” in my chrome browser (and also in other browsers) when I use my URL with https (using “http” still works fine).

Do I still have to wait, that the SSL is activated or is there a mistake on my side/site (= wordpress)?


#6

@ganone

Can you please try one thing?

Login to Cloudflare > Go to Crypto tab > Turn off SSL for 5 minutes > Then re-enable Flexible SSL > It may show a message like this (Issuing certificate).

Once it is complete in few minute, I hope that you can access your site in HTTPS version. No worry. If the problem persists, consider doing setup your domain once again, after deleting from Dashboard. It should take less than a minute. :slight_smile:

I have seen this kind of problem, and I resolved this way.

Thanks


#7

When you say “ordered a free ssl plan” do you mean the “Universal” certificate? Changing the Nameservers is the first step, did you also create the cert.pem and privkey.pem on your origin host machine from the values Cloudflare generated? If you meant “Flexible” plan than that is not necessary but it’s not encrypted back to your host.


#8

@GulshanKumar

I tried your first proposal (Turn off SSL for 5 munutes & the turn it on as Flexible SSL).

  1. I got: “Initiating Certificate” after 1 or 2 minutes &
  2. after nearly 18 hours I do now have an “Active Certificate”

Now all works very fine. Thanks a lot.


#9

Nice to know, You’re welcome!


#10

Hello,
I also have the problem of certificate name mismatch.Details are in https://app.box.com/s/ryll6gzcikqj0d5ldvftem9e1ormtu2t

I use the host service of hostgator, from the picture, it indicates that common name is wrong. Any suggestions to fix this? Any answers are welcome.

And my site is already active on cloudflare side, which means the name server is successfully changed to the one required by cloudflare.

related information,
SSL

Encrypt communication to and from your website using SSL.
It may take up to 24 hours after the site becomes active on Cloudflare for new certificates to issue.
Note: SSL certificate issuance may take up to 24 hours.
Status Active Certificate


#11

Hi @debra321,

I can’t view that screenshot unfortunately. Can you try again for us?


#12

A post was split to a new topic: Certificate Name Mismatch Problem


#13

A post was split to a new topic: SSL Error (uses an unsupported protocol)


#14