SSL_ERROR_NO_CYPHER_OVERLAP & Orange cloud (Traefik2 with Let's Encrypt certificate)

Hello,

I have the domain lopezsancho.cat hosted with Traefik2 and a Let’s Encrypt certificate. With the gray cloud and/or Cloudflare paused, all subdomains work flawlessly. However, if I activate the orange cloud, within a few seconds the error SSL_ERROR_NO_CYPHER_OVERLAP appears in Firefox, or ERR_SSL_VERSION_OR_CIPHER_MISMATCH in Chromium. I have tested on different computers with the same result.

I followed the guide "Community Tip - Fixing ERR SSL VERSION OR CIPHER MISMATCH in Google Chrome", with the same result.

My settings are:

### Your SSL/TLS encryption mode is Full (strict)
I also tested with Full or Off, with the same results.
### Always Use HTTPS: On
### HTTP Strict Transport Security (HSTS)
Status: On
Max-Age: 3 months
Include subdomains: Off
Preload: Off
I disabled it, with the same result.
### Minimum TLS Version: 1.2
### Opportunistic Encryption: On
### TLS 1.3: On
### Automatic HTTPS Rewrites: On
And finally, Universal SSL is disabled. If I enable it, then it works well with Cloudflare’s SSL certificate.

You can test it with https://test.lopezsancho.cat (it has an orange cloud right now) and check my Let’s Encrypt certificate with https://whatever.lopezsancho.cat

Thanks in advance for your help. I’ve been stuck with this for weeks!

That’s the issue. You need to have that enabled.

Your server certificate won’t show up as that is important for the connection from the proxy. The connection to the proxy needs to be the Universal certificate.


Hi!

Thanks for your fast answer. Is there no possibility to use the Let’s Encrypt certificate without using Universal SSL through Cloudflare’s proxy? My websites seem slower using it.

If you want your own certificate you need a Business plan. However, certificates are unrelated to performance. Proxying could make things a tad slower, but even that won’t be noticeable and caching will speed things up again anyhow.


Ok, I’ll try then.

Thanks!
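
The answers above separate two certificates: the one the proxy presents to the browser and the server's own Let's Encrypt certificate, which only matters on the connection from the proxy. As an added example (not part of the original thread, and not Cloudflare's or Traefik's code), this Python script probes a hostname and reports which of those situations a client sees, comparing by SHA-256 fingerprint rather than issuer name. The function names, result labels and sample bytes are assumptions made for the illustration.

```python
import hashlib
import socket
import ssl


def fetch_presented_cert(hostname, port=443, timeout=5.0):
    """Handshake with SNI; return (status, der_bytes_or_None)."""
    ctx = ssl.create_default_context()  # normal chain and hostname checks stay on
    try:
        with socket.create_connection((hostname, port), timeout=timeout) as sock:
            with ctx.wrap_socket(sock, server_hostname=hostname) as tls:
                return "ok", tls.getpeercert(binary_form=True)
    except ssl.SSLCertVerificationError:
        return "untrusted", None
    except ssl.SSLError:
        # Typically a handshake_failure alert, which browsers show as
        # SSL_ERROR_NO_CYPHER_OVERLAP / ERR_SSL_VERSION_OR_CIPHER_MISMATCH.
        return "handshake_failed", None


def sha256_fingerprint(der):
    """Hex SHA-256 of a DER-encoded certificate."""
    return hashlib.sha256(der).hexdigest()


def diagnose(status, presented_der, origin_fingerprint):
    """Map a probe result to the situations discussed in the thread."""
    if status == "handshake_failed":
        # Proxied hostname with no certificate at the proxy (Universal SSL off).
        return "no-edge-certificate"
    if status == "untrusted":
        return "untrusted-certificate"
    wanted = origin_fingerprint.lower().replace(":", "")
    if sha256_fingerprint(presented_der) == wanted:
        # The client reached the server directly (gray cloud).
        return "origin-certificate-direct"
    # A different certificate answered: the proxy's edge certificate.
    return "edge-certificate-proxied"


# Constructed sample bytes standing in for DER certificates (not real certs).
SAMPLE_ORIGIN_DER = b"constructed-origin-certificate"
SAMPLE_EDGE_DER = b"constructed-edge-certificate"

if __name__ == "__main__":
    import sys
    host, origin_fp = sys.argv[1], sys.argv[2]
    status, der = fetch_presented_cert(host)
    print(host, diagnose(status, der, origin_fp))
```

Run it with the hostname and the SHA-256 fingerprint of the certificate installed on the server; the fingerprint may be given with or without colons.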
