SSL_ERROR_NO_CYPHER_OVERLAP after LE new cert

Due to SSL_ERROR_NO_CYPHER_OVERLAP I have had to disable Cloudflare on my site.

I was first informed that my website is unreachable as in GitHub issue Nuitka #1748 and that was not with Firefox, could have been Safari.

After an LE certificate update, I noticed that direct access with my ssh subdomain, which is configured to bypass Cloudflare, mostly for ssh access, was still not working for https, but I added that hostname. I believe I didn’t have to do that in the past, so maybe a Firefox or Let's Encrypt change had been happening. After that the ssh site was giving me the working site.

This has not helped my test of the main site with the certificate updated. It still says “SSL_ERROR_NO_CYPHER_OVERLAP” and I don’t know if it did that initially. In fact, I had not tried myself. I did after my cert update though. I also tried Internet Explorer and it said something along the lines of no cert available. When I disable it, and I have to keep it, such that people can reach my shop, it still works with both.

I have no idea how to enable Cloudflare and know that it is going to work. I have tried all SSL modes (it was full mode, where a self-signed cert would have worked), I tried full mode strict assuming Firefox wants that and the more relaxed one, with no change. I do not feel I have the time to wait long until changes take effect. I tried purging all cache files in Cloudflare.

Of course my website is now much slower and what not, please advise. Is there a time I have to wait before a re-activation of the proxying has a chance to not make my site inaccessible? How to best test this, when most probably DNS records are going to be cached for myself?

Also, I did do a trial after some time, and unpaused, and checked with GTmetrix, and they reported an SSL error, where previously the monitoring of my site just worked. I of course paused it again. But the DNS cache still had an effect on GTmetrix.

I have reviewed other threads, and I am not having this on a subdomain, but on the top level domain, and in fact all sublevel domains that I have on Cloudflare too. I do not recall changing any setting. I was on full, but not strict, for SSL proxying, and tried all other settings, except disabling SSL.

Also, I am on a pro plan, and it says I have an edge certificate included.

What can I do?

What is the site?

Did you click the error SSL_ERROR_NO_CYPHER_OVERLAP to go to a #CommunityTip with quick fix ideas?

Are you still having an issue?

I was not allowed to post links, so I removed them all, but still got marked as spam, nuitka dot net is the site.

Having no edge certificates was identified as part of the issue. I was turned off by the statement of the recommended option:

"Disabling Universal SSL removes any currently active Universal SSL certificates for your zone from the edge and prevents any future Universal SSL certificates from being ordered. If there are no dedicated certificates or custom certificates uploaded for the domain, visitors will be unable to access the domain over HTTPS."

So I held off on that, until yesterday, when I got desperate enough. Now I do have a certificate, but it is in state “pending validation” for all that time, and of course I still cannot enable the site without it breaking due to no SSL.

For the record, I was apparently subject to a bug that finally got fixed by them. There was nothing I could do.
