SSL_ERROR_NO_CYPHER_OVERLAP on all proxied sub-domains of a single main domain

Hello, I am currently experiencing the error SSL_ERROR_NO_CYPHER_OVERLAP on all proxied sub-domains on a specific domain (meaning other domains pointing to the same hosts on my account work fine), non-proxied domains work completely fine.

I’ve also been experiencing complete 30 second or so blackouts (in the past month or so) on all of the proxied sub-domains (also speaking about the same single “main” domain, other domains on the account are fine) pointed to multiple hosts.

Mind you, some of these sub-domains are pointed to completely different hosts on completely different networks in different countries and with different applications. So I do not think this is a problem on my side.

Oh and also, I’ve been using Cloudflare for about 5 years now, and this problem only started happening about a month ago.

Any help is very much appreciated. Oh, and sorry for my bad explanation :), I will try to explain specific things in more detail if someone asks.

Thank you!

What is the domain and the subdomains you are having trouble with (and also some that are ok)?

A random problematic one is https://404.xxxx.com (this one is proxied through cloudflare, and then points to our proxy) - should be a simple static HTML site.

And a working one is https://panel.xxxx.com (not proxied through cloudflare, points directly to our reverse proxy) - is a simple static HTML “You have hit and LZnetwork proxy.”

Edit: Another working one pointing to our reverse proxy as well is https://eu-web.lz-ts.com - this is a different domain but has almost the same config as https://404.xxxx.com and is also proxied through cloudflare but it works.

Also, this one is not working as well but points to another server in another country: https://webmail.xxxx.com

And just in case you ask, in the SSL/TLS section on cloudflare I have the mode selected as “FULL” since I am using a let’s encrypt certificate on all apps.

You should use “Full (strict)” so that the LetsEncrypt certificate is checked for validity.

You don’t appear to have a Cloudflare edge certificate for your domain…
https://cf.sjr.org.uk/tools/check?c1fc1154cb0d4676924de13af2612799#connection-server

Ensure that Universal SSL is enabled here…
https://dash.cloudflare.com/?to=/:account/:zone/ssl-tls/edge-certificates

If it is already enabled, you can try to:

  • set your DNS records to “DNS only”, wait at least a minute, then set to “Proxied” again.
  • disable Universal SSL, wait at least a minute (an hour is sometimes recommended) and then enable it again.
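The check behind the answer above can be reproduced locally; this is an added example, not code from the thread or from Cloudflare. It opens a TLS handshake with SNI set to each hostname, validates the chain, and reports whether the presented certificate actually names the host or whether the edge aborted the handshake (the condition Firefox surfaces as SSL_ERROR_NO_CYPHER_OVERLAP). The example hostnames and the constructed certificate data in the comments are assumptions.

```python
import socket
import ssl
from dataclasses import dataclass


@dataclass
class ProbeResult:
    host: str
    handshake_ok: bool
    cert_covers_host: bool
    detail: str


def san_matches(hostname: str, san_names) -> bool:
    """True if a dNSName SAN covers hostname; a wildcard matches exactly one label (RFC 6125)."""
    host = hostname.lower().rstrip(".")
    for name in (n.lower().rstrip(".") for n in san_names):
        if name.startswith("*."):
            labels = host.split(".")
            if len(labels) >= 3 and ".".join(labels[1:]) == name[2:]:
                return True
        elif name == host:
            return True
    return False


def evaluate_cert(host: str, cert: dict) -> ProbeResult:
    """Pure check on a decoded certificate as returned by SSLSocket.getpeercert()."""
    sans = [v for k, v in cert.get("subjectAltName", ()) if k == "DNS"]
    if san_matches(host, sans):
        return ProbeResult(host, True, True, f"edge certificate covers {host}: {sans}")
    return ProbeResult(host, True, False, f"handshake ok but certificate does not name {host}: {sans}")


def classify_error(host: str, err: Exception) -> ProbeResult:
    """Map a failed handshake to a diagnosis; handshake_failure with SNI set means no cert for that name."""
    msg = str(err).lower()
    if "handshake failure" in msg or "no shared cipher" in msg:
        detail = "edge sent handshake_failure: no certificate for this SNI (Firefox: SSL_ERROR_NO_CYPHER_OVERLAP)"
    else:
        detail = f"tls error: {err}"
    return ProbeResult(host, False, False, detail)


def probe(host: str, port: int = 443, timeout: float = 5.0) -> ProbeResult:
    """Handshake with SNI=host; the chain is still verified, only the name check is done by us."""
    ctx = ssl.create_default_context()
    ctx.check_hostname = False  # keep CERT_REQUIRED so getpeercert() is populated
    try:
        with socket.create_connection((host, port), timeout=timeout) as sock:
            with ctx.wrap_socket(sock, server_hostname=host) as tls:
                return evaluate_cert(host, tls.getpeercert())
    except (ssl.SSLError, OSError) as err:
        return classify_error(host, err)


if __name__ == "__main__":
    import sys
    for h in sys.argv[1:] or ["404.example.invalid"]:  # assumed placeholder host
        r = probe(h)
        print(f"{r.host}: handshake={'ok' if r.handshake_ok else 'FAILED'} name_ok={r.cert_covers_host} {r.detail}")
```

Run it against one proxied and one non-proxied name of the same zone: a non-proxied host that passes while the proxied one fails the handshake points at the edge (missing Universal SSL certificate) rather than at the origin.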

Thank you very much! I enabled the “Full (strict)” mode.
I also had Universal Certificates disabled for some reason, I reenabled it, it is now pending validation, so I think that my issue should be fixed, I am going to update this after the validation completes.
