SSL error with new domain, cipher mismatch

Hi. I just signed my domain ( up with Cloudflare. It seemed to work fine after transferring the namesevers, but now I’m seeing ERR_SSL_VERSION_OR_CIPHER_MISMATCH when I try to access it.

In the dashboard the SSL option was set to “Full”; I also tried “Full (strict)” but still seeing the same problem. There’s also a line saying " Universal SSL Status Active Certificate".

I’m using a Let’s Encrypt certificate in my web app, and it was working fine before signing up for Cloudflare. Any known issues? Is there anything I can do on the server or in the dashboard to get this working again?

Thank you!

Under Crypto, SLL:

Try flexible.

I tried flexible, that didn’t seem to make a difference. It’s now been more than 14 hours with my website being inaccessible due to this issue. Should I just give up on Cloudflare and transfer the nameservers back? What am I doing wrong?

It can take up to 24 hours before the certificate is deployed.

You can :grey: grey cloud the record while waiting.

Is it expected for Universal SSL Status to be green / say “Active Certificate” during this period? I guess I’m close to 24 hours so I might as well wait and see… though I doubt things will just magically snap and work at the 24 hour mark.

Try installing a Cloudflare Origin Certificates found under Crypto. This should fix the issue.

I replaced my Let’s Encrypt certificate with one generated via Cloudflare Origin Certificates, and I’m seeing the same problem in Chrome:
This site can’t provide a secure connection uses an unsupported protocol.

Tried switching from orange to gray in the DNS section and this new Cloudflare certificate appears to be untrusted; which I presume is by design, it’s probably some sort of self-signed certificate meant to be used only for talking with Cloudflare’s own servers.

It looks like there really is a magical 24 hour cut-off, things suddenly started working at about the 24 hour mark, so we can consider this issue solved.

1 Like

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.