SSL - error for some users while try reach via https



a day ago (more then 25 hors) i started a free plan here and activating the SSL options.
for me, the ssl cert is good, i can see the lock icon and green without any problem.

However, some other users have other problems:
1 - “ERR_SSL_VERSION_OR_CIPHER_MISMATCH” (see 1st attached file below 1.)
2 - “ERR_CERT_AUTHORITY_INVALID” (see 2nd attached file below 2.)

Please, the https feature really need to work in my site -
Is there anyone who else having this problem before?
I’ve searched in the forums and saw a lot related topics but I couldn’t resolve mine.

1. Attached file:

2. Attached file:


If they proceed, what is shown as the certificate authority? It is possible the user could have a cached DNS answer for their machine and the traffic isn’t going through Cloudflare.


If they proceed, the cert auth showing that there is no any cert for ssl…
How could they hard clear the DNS?
*They tried to use the “ipconfig /flushdns” command in cmd without any good results.

It’s really could be the problem because the site isn’t new and before cloudflare the site didn’t had an ssl cert, and those specifix users maybe use a lot of time in this site…


if they do a dig for your domain or nslookup do they get these IPs?

dig +short


No! that really the problem! (from my computer I can see the IP is
How can they clear this DNS localy?
And maybe more important, why this happend to them? I don’t want this problem occure to other users of course…

Thanks, please guide me from here what to do…


Found the solution.
As cscharff said, the problem was localy on some users machine.
The solution was to run the command “ipconfig /flushdns” (for Windows operation).
**But the tricky is, what I was not able to see clearly was that the user who run this command to clear the dns wasn’t the administrator for his local system, so the dns doesn’t flush…
What I did was of course run the command line as administrator and the run this command :slight_smile:

Hope it will help to someone else, and will be glad if anyone have any idea why for specific users the DNS wasn’t clear as it was to me?
My best guess is that those users was really invloved and spend a lot of time in the old site (with the old dns) and that’s why they didn’t saw the change until they hard run the command “ipconfig /flushdns”.


It could have been a long TTL for the entries with the old DNS provider or a non-RFC-compliant upstream DNS server. On the plus side, with your orange clouded records, if you change the origin behind those the IP address your users see doesn’t change. Glad you got it sorted.


This topic was automatically closed after 14 days. New replies are no longer allowed.