SSL error on Cloudfare DNS

user16392 · December 31, 2021, 9:14am

ERR_SSL_VERSION_OR_CIPHER_MISMATCH

I have let’s encrypt ssl active on my host. Later I have transferred DNS to cloud fare and uninstalled let’s encrypt ssl.

And now my site is showing: ERR_SSL_VERSION_OR_CIPHER_MISMATCH

And in Cloudfare DNS record, CAA showed DNS only in proxy status.

For past 30 hours, I am unable to open my site.

Can anyone help???

sandro · December 31, 2021, 10:13am

Sorry, that’s a mistake. Re-install that a quickly as possible, otherwise your site is insecure. That’s also why you have that error.

user16392 · December 31, 2021, 11:47am

Cloudfare has universal ssl for free plan, won’t it interfere if…ssl at my host is active.

sandro · December 31, 2021, 11:48am

No, the Cloudflare certificate is only for the proxies and if you don’t have a certifcate on your server you obviously can’t have a secure connection.

The certificate on your server needs to be in place. You could only replace it with an Origin certificate if you want, but you still need one there.

user16392 · December 31, 2021, 11:51am

Thank you…but to activate ssl at my host, I have to first point dns to my host aand activate ssl and then later change dns to cloud fare.

Is there another way??

sandro · December 31, 2021, 11:52am

In that case you might want to go that route

user16392 · December 31, 2021, 11:54am

Origin certificate is it under business plan??

sandro · December 31, 2021, 11:55am

Origin certificates can be issued on all plans. It’s a few clicks and you have a proper certificate for Cloudflare.

user16392 · December 31, 2021, 11:56am

Thank you for your help!!!

sandro · December 31, 2021, 11:57am

No worries.

Why you should choose Full Strict, and only Full Strict has all details on that, also how to get the certificate.

user16392 · December 31, 2021, 1:58pm

I have added origin certificate from cloudfare to my host, and ssl is enabled showing there but still

No SSL certificates were found on beautybrute.com. Make sure that the name resolves to the correct server and that the SSL port (default is 443) is open on your server’s firewall.

Message shown on sslshopper.com

And I am unable to open my site due to ERR_SSL_VERSION_OR_CIPHER_MISMATCH
( Unsupported protocol - The client and server don’t support a common SSL protocol version or cipher suite.)

What should I do??

sdayman · December 31, 2021, 2:02pm

Check the Edge Certificates section under SSL/TLS. You should see an Active certificate.

sandro · December 31, 2021, 2:44pm

That would indicate Cloudflare has not provisioned the proxy certificate yet.

Check https://dash.cloudflare.com/?to=/:account/:zone/ssl-tls/edge-certificates for that and possibly disable Universal SSL for an hour and then re-enable it.

user16392 · December 31, 2021, 3:13pm

Thank you!!!

sandro · December 31, 2021, 3:15pm

Appears to have worked. Now just make sure your encryption mode is Full Strict and you are all set

user16392 · December 31, 2021, 5:04pm

Yes…it worked and I have changed ssl to strict mode.

Thank you for your help!!!

system · January 3, 2022, 5:04pm

This topic was automatically closed 3 days after the last reply. New replies are no longer allowed.