SSL error with new domain, cipher mismatch


Hi. I just signed my domain ( up with CloudFlare. It seemed to work fine after transferring the namesevers, but now I’m seeing ERR_SSL_VERSION_OR_CIPHER_MISMATCH when I try to access it.

In the dashboard the SSL option was set to “Full”; I also tried “Full (strict)” but still seeing the same problem. There’s also a line saying " Universal SSL Status Active Certificate".

I’m using a Let’s Encrypt certificate in my web app, and it was working fine before signing up for CloudFlare. Any known issues? Is there anything I can do on the server or in the dashboard to get this working again?

Thank you!


Under Crypto, SLL:

Try flexible.


I tried flexible, that didn’t seem to make a difference. It’s now been more than 14 hours with my website being inaccessible due to this issue. Should I just give up on CloudFlare and transfer the nameservers back? What am I doing wrong?


It can take up to 24 hours before the certificate is deployed.

You can :grey: grey cloud the record while waiting.


Is it expected for Universal SSL Status to be green / say “Active Certificate” during this period? I guess I’m close to 24 hours so I might as well wait and see… though I doubt things will just magically snap and work at the 24 hour mark.


Try installing a Cloudflare Origin Certificates found under Crypto. This should fix the issue.


I replaced my Let’s Encrypt certificate with one generated via Cloudflare Origin Certificates, and I’m seeing the same problem in Chrome:
This site can’t provide a secure connection uses an unsupported protocol.

Tried switching from orange to gray in the DNS section and this new Cloudflare certificate appears to be untrusted; which I presume is by design, it’s probably some sort of self-signed certificate meant to be used only for talking with Cloudflare’s own servers.


It looks like there really is a magical 24 hour cut-off, things suddenly started working at about the 24 hour mark, so we can consider this issue solved.


This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.