SSL error with new domain, cipher mismatch


#1

Hi. I just signed my domain (iampicard.com) up with CloudFlare. It seemed to work fine after transferring the nameservers, but now I’m seeing ERR_SSL_VERSION_OR_CIPHER_MISMATCH when I try to access it.

In the dashboard the SSL option was set to “Full”; I also tried “Full (strict)” but I’m still seeing the same problem. There’s also a line saying "Universal SSL Status Active Certificate".

I’m using a Let’s Encrypt certificate in my web app, and it was working fine before signing up for CloudFlare. Any known issues? Is there anything I can do on the server or in the dashboard to get this working again?

Thank you!


#2

Under Crypto, SSL:

Try flexible.


#3

I tried flexible, that didn’t seem to make a difference. It’s now been more than 14 hours with my website being inaccessible due to this issue. Should I just give up on CloudFlare and transfer the nameservers back? What am I doing wrong?


#4

It can take up to 24 hours before the certificate is deployed.

You can grey cloud the record while waiting.


#5

Is it expected for Universal SSL Status to be green / say “Active Certificate” during this period? I guess I’m close to 24 hours so I might as well wait and see… though I doubt things will just magically snap and work at the 24 hour mark.


#7

Try installing a Cloudflare Origin Certificate, found under Crypto. This should fix the issue.


#8

I replaced my Let’s Encrypt certificate with one generated via Cloudflare Origin Certificates, and I’m seeing the same problem in Chrome:
This site can’t provide a secure connection
iampicard.com uses an unsupported protocol.
ERR_SSL_VERSION_OR_CIPHER_MISMATCH

Tried switching from orange to gray in the DNS section and this new Cloudflare certificate appears to be untrusted; which I presume is by design, it’s probably some sort of self-signed certificate meant to be used only for talking with Cloudflare’s own servers.


#9

It looks like there really is a magical 24 hour cut-off, things suddenly started working at about the 24 hour mark, so we can consider this issue solved.