Review Universal Certificate for *.nursium.com, nursium.com

Registrar Dash Ticket - After getting my domain with Cloudflare registras, it is not working with universal certificate

After getting my domain with Cloudflare registras, it is not working with universal certificate, earlier it was fine when it was registered somewhere else but using the Cloudflare nameservers and the traffic was routed via Cloudflare . But since I moved the domain registrar to Cloudflare it stopped .

Review Universal Certificate for *.nursium.com, nursium.com
The certificates in the pack listed below are managed and auto-renewed by Cloudflare.

Certificate Expiration
ECDSA SHA 256 2020-10-09

there is always this error despite of the orange cloud on .I have tried all possible help articles available and searched the community to no gain.

ticket number 2385263

Greetings,

Thank you for asking.

I am sorry to hear you are experiencing an issue/error with your domain while using Cloudflare.

When try to access your Website, I got SSL_ERROR_NO_CYPHER_OVERLAP .

More information about this error can be read at the article from below:

Furthermore, I can see DNSSEC is enabled and good.
WHOIS status for your domain is also good.

Before moving to Cloudflare, was your Website working over HTTPS connection?

May I ask what SSL option have you got selected under the SSL/TLS tab at Cloudflare dashboard for your domain ( Flexible, Full, Full Strict … )?

What happens when you temporary unproxy, switch to :grey: (DNS-only) or temporary enable the “Pause Cloudflare for this site” option from the Overview tab of Cloudflare dashboard for your domain name? :thinking:

You can determine this by following below instructions:

  1. Use the “Pause Cloudflare on Site” option from the Overview tab for your domain at dash.cloudflare.com .
  2. The link is in the lower right corner of that page.
  3. Give it five minutes to take effect, then make sure site is working as expected with HTTPS.
  4. Only then should you un-pause Cloudflare and double-check your SSL/TLS setting to make sure it’s Full (Strict).

Due to transfering your domain to Cloudflare Registrar, kindly may I ask you to re-check if your nameservers listed under your Cloudflare account are grace and toby or some other?

Using DIG, I got this two:

;QUESTION
nursium.com. IN NS
;ANSWER
nursium.com. 21600 IN NS grace.ns.cloudflare.com.
nursium.com. 21600 IN NS toby.ns.cloudflare.com.

I am sorry to hear you are experiencing an issue with the Universal SSL certificate provisioning for your domain name.

May I ask how long? 24 hours or even longer?

Have you tried temporary Disabling Universal and re-enabling it from the Cloudflare Dashboard → SSL/TLS → Edge Certificate → scroll down to the section " Disable Universal SSL"?

If you open up the Developer Tools (F12) on the SSL/TLS → Edge Certificate page, it should also show the actual error which would be very useful to know.

May I suggest below article for help and troubleshooting:

I am not aware what happened here so far if you transfered your domain to Cloudflare Registrar, as far as your domain was using Cloudflare nameservers before that event and in general, domain name has to be activated (by updating the domain nameservers) and then you will be allowed to enabled Universal SSL as described in:

@cloonan

Thank you for sharing your ticket number. I’ve escalated this.

Kindly and patiently wait for a reply on a ticket and here.

3 Likes

Thanks fo such an elaborated reply :
Before moving to Cloudflare, was your Website working over HTTPS connection? : Yes it was working , I host with siteground so they are partership with Cloudflare and I was using the Cloudflare with them.

May I ask what SSL option have you got selected under the SSL/TLS tab at Cloudflare dashboard for your domain ( Flexible, Full, Full Strict … )? **is set to FULL Strict **

****What happens when you temporary unproxy, switch to :grey: (DNS-only) or temporary enable the “Pause Cloudflare for this site” option from the Overview tab of Cloudflare dashboard for your domain name? :thinking: **I could use website flawlessly after pausng Cloudflare , and the SSL from LETSNCRYPT works good at server level , as soon as I enable the Cloudflare it stops **

You can determine this by following below instructions:

  1. Use the “Pause Cloudflare on Site” option from the Overview tab for your domain at dash.cloudflare.com . ** It works after pausing the Cloudflare**
  2. The link is in the lower right corner of that page.
  3. Give it five minutes to take effect, then make sure site is working as expected with HTTPS.
  4. Only then should you un-pause Cloudflare and double-check your SSL/TLS setting to make sure it’s Full (Strict).

Yes They are Grace and Toby , I confirm.

Its been atleast 72 hours now. I have tried disabeling and reenabling the Universal SSL as you told earlier , it did not make any change unfortunately.

The developer tool says : " Unchecked runtime.lastError: The message port closed before a response was received."

It should have been the same as you mentioned, but the Cloudflare system has not triggered the renewal of the certificate , there must be a glitch as it is a renewal and not new certificate.

Other points from the Help Articles you mentioned Community Tip - Best Practices For Certificate Provisioning :slight_smile:
How long has it been “authorizing” for? 72 hours around
What of the trouble shooting steps above have you tried? tried fresh browser not only incognito, universal ssl turn off and on , waited 72 hours to be provisioned, orange cloud is on , cotacted support.
What is the plan level for the domain in question?Free
What error, if any, is displaying on your site at the moment? ** This site can’t provide a secure connection

nursium.com uses an unsupported protocol.

ERR_SSL_VERSION_OR_CIPHER_MISMATCH**

Are you signed up directly through Cloudflare or through a hosting provider/partner? ** My registrar is Cloudflare while hosted at Siteground**

Anticipating help .

2 Likes

Hi there!

I’m sorry for the trouble with the expired certificate. Thanks for giving @fritex’s suggestions a try. I have replied on the ticket.

4 Likes

Thanks Scott for your expertise in it . It has been solved now and working like a charm.
To the folks may come searching with same kind of issue:
Please go through the instructions in here: Community Tip - Best Practices For Certificate Provisioning , and if this does not work even after 48 hours , please submit a support ticket , as it might need a manual intervention by Cloudflare team , as in my case.
Scott kindly helped to put Edge certificate manually .

4 Likes

This topic was automatically closed 3 days after the last reply. New replies are no longer allowed.