Site don't open in several countries - ssl error

Security
#1

Hello!

I Have a strange problem with Cloudflare and my site.
Sitename: epictech.ru (WordPress, ubuntu + Nginx. Located in Russia, GMT+3, Cloudflare plugin installed and connected)

After I added the site to Cloudflare, several hours passed and the site was finally added. I received a email with confirmation about it.

After adding to the Cloudflare, my site opens normally in Russia, and «Google PageSpeed Insights» shows an increase in speed as it would be. However, this makes the site unavailable from other countries. If I try to open it, from the Netherlands using VPN, and I get errors:

Chrome: ERR_SSL_VERSION_OR_CIPHER_MISMATCH
Firefox: SSL_ERROR_NO_CYPHER_OVERLAP

If I try to check the SSL certificate using the ssllabs.com site, but service can’t find my site. I don’t know why, but the ssllabs thinks that the time of my site belongs to the time zone UTC+0. But in fact, the site is located in the UTC+3 zone and time and date are set well. Maybe this is some source of an error?

I tried to change the SSL certificate but it didn’t help. I tried to change settings in Cloudflare (disable SSL, minifying, etc), but it didn’t help again.

I tried to search for a solution in Google, look for it here, but did not find an option that would help me. What can cause SSL-errors in browsers, and how can you fix them?

#2

Just quick checked and tested, works and loads fine from Croatia as far.
Connecting over ProtonVPN (several countries) works good too.

#3

Thanks for testing fritexvz!
For now I disabled Cloudflare Proxy, but problem always returns, when I start it back :worried:

#4

Have you checked here:

#6

Hi @deniszaycev, are you still encountering issues?

I noticed your ticket with Support and can see that your DNS records are set to :ngrey: (not proxied), if you click those they’ll change to :orange: (proxied). You should do that for the DNS records called epictech.ru & www.

When you disable SSL it removes the certificate; when you re-enable it a new certificate is provisioned. Toggling off and on multiple times results in certificates being removed and then new certificates being issued, over and over again.

But, the new certificate won’t be issued if your record is set to :ngrey:. I’d proxy the records, disable universal ssl, wait 10 minutes and then re-enable it. Basically steps 1 & 2 in the #CommunityTip that @fritexvz shared.

1 Like
#7

This topic was automatically closed after 31 days. New replies are no longer allowed.