SSL error on Cloudfare DNS


I have let’s encrypt ssl active on my host. Later I have transferred DNS to cloud fare and uninstalled let’s encrypt ssl.

And now my site is showing: ERR_SSL_VERSION_OR_CIPHER_MISMATCH

And in Cloudfare DNS record, CAA showed DNS only in proxy status.

For past 30 hours, I am unable to open my site.

Can anyone help???

Sorry, that’s a mistake. Re-install that a quickly as possible, otherwise your site is insecure. That’s also why you have that error.

Cloudfare has universal ssl for free plan, won’t it interfere if…ssl at my host is active.

No, the Cloudflare certificate is only for the proxies and if you don’t have a certifcate on your server you obviously can’t have a secure connection.

The certificate on your server needs to be in place. You could only replace it with an Origin certificate if you want, but you still need one there.

Thank you…but to activate ssl at my host, I have to first point dns to my host aand activate ssl and then later change dns to cloud fare.

Is there another way??

In that case you might want to go that route

Origin certificate is it under business plan??

Origin certificates can be issued on all plans. It’s a few clicks and you have a proper certificate for Cloudflare.

Thank you for your help!!!:grinning:

No worries.

Why you should choose Full Strict, and only Full Strict has all details on that, also how to get the certificate.

I have added origin certificate from cloudfare to my host, and ssl is enabled showing there but still

No SSL certificates were found on Make sure that the name resolves to the correct server and that the SSL port (default is 443) is open on your server’s firewall.

Message shown on

And I am unable to open my site due to ERR_SSL_VERSION_OR_CIPHER_MISMATCH
( Unsupported protocol - The client and server don’t support a common SSL protocol version or cipher suite.)

What should I do??

Check the Edge Certificates section under SSL/TLS. You should see an Active certificate.

That would indicate Cloudflare has not provisioned the proxy certificate yet.

Check for that and possibly disable Universal SSL for an hour and then re-enable it.

1 Like

Thank you!!!

1 Like

Appears to have worked. Now just make sure your encryption mode is Full Strict and you are all set :slight_smile:

Yes…it worked and I have changed ssl to strict mode.

Thank you for your help!!!

This topic was automatically closed 3 days after the last reply. New replies are no longer allowed.