SSL on Nginx with Cloudflare

Hi, I have a website on Nginx with Let’s Encrypt. I added it to Cloudflare, but the default conf added Universal SSL, which I disabled.
Then I changed to:

  1. In SSL Overview: SSL mode: Full (not Full strict)
  2. In Edge Certificates:
     • Always Use HTTPS: ON
     • Universal SSL: Disabled

I purged the cache but I still get Error code: SSL_ERROR_NO_CYPHER_OVERLAP
The website works fine without Cloudflare.
What am I doing wrong?

That’s the first issue. Right now your site is still insecure, you need to select Full Strict.

As for the proxy certificate, you do need Universal SSL enabled.

Hi Sandro, so you say that for Let’s Encrypt to work I need to enable Universal SSL???
Yes, it works, but enabling Universal SSL issues another certificate (Google Trust Services LLC) and the website does not use the Let’s Encrypt one which I issued in Nginx?

No, not for your server certificate, you need Universal SSL for the proxy certificate.

Select Full Strict and enable Universal SSL and make sure to renew the server certificate.

1 Like

So you mean the server certificate is only for the connection between Cloudflare and the server, and Universal SSL is for browser to Cloudflare? And there is no way to use the server certificate for browser to Cloudflare?

Correct. What you want can only be done by unproxying or purchasing a Business plan where you can provide your own certificate.

By “provide your own certificate” you mean upload? Is there a way to automate?

Yes, there is an API call to upload the certificate, you may want to check api.cloudflare.com

But I really don’t think you need a Business plan for that, Universal SSL should work just fine and Cloudflare currently does not even issue Google certificates because of the issue with unsupported software.

1 Like

Thank you Sandro.

This topic was automatically closed 3 days after the last reply. New replies are no longer allowed.
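
The thread distinguishes two TLS legs: browser to Cloudflare (the Universal SSL certificate) and Cloudflare to the origin (the Let’s Encrypt certificate on Nginx, which has to stay valid and renewed once Full Strict is selected). The following is an added example, not code from the thread or from Cloudflare: a check that handshakes with the origin directly and reports issuer and days until expiry. The function names, the 30-day threshold and the sample certificate are assumptions made for illustration.

```python
import socket
import ssl
import time


def origin_cert(hostname, origin_ip, port=443, timeout=5):
    """Handshake with the origin directly, bypassing the proxy, and return its
    certificate. The default context verifies chain, expiry and hostname, so an
    ssl.SSLCertVerificationError here means any validating client would refuse it."""
    ctx = ssl.create_default_context()
    with socket.create_connection((origin_ip, port), timeout=timeout) as sock:
        with ctx.wrap_socket(sock, server_hostname=hostname) as tls:
            return tls.getpeercert()


def issuer_org(cert):
    """Organization name of the issuing CA from a getpeercert() dict."""
    for rdn in cert.get("issuer", ()):
        for key, value in rdn:
            if key == "organizationName":
                return value
    return None


def days_left(cert, now=None):
    """Whole days until notAfter; negative once the certificate has expired."""
    now = time.time() if now is None else now
    return int((ssl.cert_time_to_seconds(cert["notAfter"]) - now) // 86400)


def renewal_status(cert, now=None, warn_days=30):
    """Classify the certificate as 'expired', 'renew-soon' or 'ok'."""
    remaining = days_left(cert, now)
    if remaining < 0:
        return "expired"
    return "renew-soon" if remaining < warn_days else "ok"


# Constructed sample in the format getpeercert() returns (not a real certificate).
SAMPLE = {
    "issuer": ((("countryName", "US"),), (("organizationName", "Let's Encrypt"),)),
    "notAfter": "Jun 15 12:00:00 2024 GMT",
    "subjectAltName": (("DNS", "example.com"),),
}

if __name__ == "__main__":
    import sys
    # Usage: script.py <site hostname> <origin server IP>
    cert = origin_cert(sys.argv[1], sys.argv[2])
    print(issuer_org(cert), days_left(cert), renewal_status(cert))
```

Running the same check against the public hostname without the origin IP shows the other leg: the issuer reported there is the proxy certificate, not the one installed in Nginx.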