SSL error, site down when activating Cloudflare

Hello, we have a free cloudflare account with Cloudflare from bluehost, each time we activate cloudflare we get ERR_SSL_VERSION_OR_CIPHER_MISMATCH and on Universal SSL Status we get Ineligible for SSL, can you help us?
we want to use cloudflare but with this issue is impossible, can you let us know what needs to be done?
it’s been more than a week since we signed with Cloudflare and the ssl is on the same status, Help!

What is your site?

www.pepitos512.com

yes I read all that nothing in there works, already opened a ticket and no answer yet

What is your SSL setting set to?
It is under crypto

as I said on my original post
I get this as status
Universal SSL Status we get Ineligible for SSL,

Even though under Edge Certificates it says
Your plan includes a shared Cloudflare Universal SSL certificate.

Hi @mpgraphicdesigns, I’ll make sure we update the tip @Jake1st shared so it reflects your solution as well.

I was not familiar with that error but it has been discussed a few times here on the site, sample here, Cloudflare not creating new SSL Certificates. Seems the route of adding directly to Cloudflare as opposed to bluehost is the way to sidestep this. I am not certain as to their rationale for not supporting the free cert. There are options, but its not just a configuration switch.

Edit - can you share your ticket number?

1 Like

Hi @cloonan here is the ticket number 1693190
its a bit stupid that if they offer this plan through Bluehost to only have to do a different setup, I spoke to Bluehost and they said that Cloudflare should be the one provinding the SSL cert, I would appreciate if there was a solution that doesn’t include me changing all my DSN manually now

Hi, thank you, I see the ticket and your reply. I have added myself to it in order to keep an eye on progress. In reviewing past tickets with a similar use, I suspect our next reply is going to be: you signed up through partial setup with Bluehost, Bluehost has opted not to use Cloudflare universal ssl certificate so you’ll need to contact Bluehost for this issue. Bluehost will then probably tell you to get a CRT and Key for the Universal SSL Certificate from Cloudflare. Unfortunately, that is not something we support for Cloudflare SSL and it sounds like they don’t have an alternative option. I know it is not desirable, but I think the most expedient is to sign up through Cloudflare directly.

This is a pain indeed, it doesn’t make any sense, if I sign up through CF it means I need a new account or I can do the new setup with the same I already have?

I’d add it to your existing account. Once you once you do that, you’ll have two name servers assigned, have your registrar remove your existing name servers and replace with the two Cloudflare name servers. You’ll also want to remove the zone from your existing account (overview tab, lower right side, “Remove zone from cloudflare”). I’d also get in contact with Bluehost and let them know your intent just in case they have any options or special instructions for removing.

Edit - as you go through this change, make note of your origin ip address so you have it handy

And when the ssl gets activated on CF? The time starts running when I add the site or when the nameservers are propagated?

It can take up to 24 hours for us to detect the name server change and up to another 24 hours to provision the certificate. But, normally the entire process will happen much faster than that. I’ve seen instances of sign up to certificate taking about an hour, :crossed_fingers:.

But the website will work during that or will be down?

Good question. As long as you’ve re-created the DNS records you need, the process should be seamless without downtime. This is an area where “measure twice, cut once” is good to keep in mind, check the records, make sure they’ve either been imported or re-created accurately. This usually only gets complicated if you have DNS records of subdomains pointing to a number of different end points.

WRT the SSL certificate, I think it is again planning to know if you want to set to Full or Full (Strict) (the most secure two of the three options available) and having a certificate in place to accommodate/complement the setting. Giving a quick scan to the the tutorials about adding records and crypto settings in this category, https://community.cloudflare.com/c/tutorials is probably good prep.

I’m with bluehost again to see if they can find their head lol what has me a bit scared is the SSL end of things, I know DNS change is usually seamless but what if the SSL is not fast issued and I’m stuck with a “insecure page” because all my links will be https without a valid SSL?

@cloonan look what I got from bluehost

i can see that the SS has already installed and if you activate the Cloudflare the website won’t work with SSL. Once the Cloudflare is activated you need to contact them in order to install the SSL. Currentlly it is showing the SSL error because the SSL is already installed from our server and if we disable it you will be able to active the Cloudflare without any error.

does that sound correct to you?

1 Like

Hi,

try to check this guide Troubleshooting SSL errors:

1 Like

That sounds much better…I was confused as to why they’d not offer an ssl option if they were preventing universal ssl. Makes sense. I just went to the site and it loads securely, on the crypto tab, can you please turn on Always Use HTTPS? That will forces the page to load https://www.pepitos512.com.

@cloonan I did the setup via cloudflare, it was really fast i just did it a bit ago, the ssl is active and changed to strict and also added the setting you just recommended!

Now where I can turn on the cloud?

1 Like

On the DNS tab you’ll see :grey: click them to turn :orange:

1 Like