SSL VERSION OR CIPHER MISMATCH on two servers, no problems on another server

I set up three servers yesterday at three different locations running Ubuntu 22.04.1 LTS server. Each was set up from scratch. I performed the exact same steps for all of them since they are running the same application.

They reach out to Cloudflare with an API token to generate a Let’s Encrypt certificate; they can only be reached internally on each of their respective networks. That certificate gets converted into a keystore, which is then used to serve the web page securely.

One server works perfectly. I can access it by its fully qualified domain name and I have no problems. The other two, which I set up after the first working one, both give me ERR_SSL_VERSION_OR_CIPHER_MISMATCH errors.

For the fun of it, I verified that the keystore files are valid. I downloaded one of them and used KeyStore Explorer to see if by any chance there was something else I was missing. Nope, the files seem valid, but Chrome and Firefox do not like them.

I’ve run out of ideas at this point. Is there somewhere else I can check the files? Any other ideas?

Well, I found that the server that works is using an RSA (2048 bits) certificate while the other two are using EC (256 bits). I must have installed and updated everything after some type of commit was made somewhere.

Now I need to have Certbot issue the certs as RSA, although I find it strange that the EC certificates aren’t recognized by either Firefox or Chrome.

Got it!

sudo certbot certonly --force-renewal --key-type rsa --rsa-key-size 4096 --dns-cloudflare --dns-cloudflare-credentials /home/root/cf-token.ini -d sub[dot]domain[dot]com --post-hook /home/root/post-renewal-hook.sh

I’m off to post a bug regarding the EC certs.
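To confirm the key type of an issued certificate directly rather than inferring it from browser errors, here is an added shell example (not from the original post). It assumes the openssl CLI is installed and uses its own constructed self-signed RSA and EC certificates as sample input; the file names are placeholders.

```shell
#!/bin/sh
# Added example: report the public key algorithm and size of a PEM certificate,
# so an EC cert can be spotted before it is converted into a keystore.
# Requires the openssl CLI; works with the text output of OpenSSL 1.1.1 and 3.x.

cert_key_type() {
    # Prints "RSA 2048", "EC 256", etc. for the certificate in file $1.
    openssl x509 -in "$1" -noout -text | awk '
        /Public Key Algorithm:/ { alg = $NF }
        # Matches both "Public-Key: (256 bit)" and "RSA Public-Key: (2048 bit)".
        match($0, /\([0-9]+ bit\)/) { bits = substr($0, RSTART + 1, RLENGTH - 6) }
        END {
            if (alg == "rsaEncryption") alg = "RSA"
            else if (alg == "id-ecPublicKey") alg = "EC"
            print alg, bits
        }'
}

make_test_certs() {
    # Constructed sample input: throwaway self-signed certs, one RSA 2048 and
    # one EC P-256 (not real Let's Encrypt certificates). Prints the directory.
    dir=$(mktemp -d)
    openssl req -x509 -newkey rsa:2048 -nodes -days 1 -subj "/CN=rsa.example" \
        -keyout "$dir/rsa.key" -out "$dir/rsa.pem" >/dev/null 2>&1
    openssl req -x509 -newkey ec -pkeyopt ec_paramgen_curve:prime256v1 -nodes \
        -days 1 -subj "/CN=ec.example" \
        -keyout "$dir/ec.key" -out "$dir/ec.pem" >/dev/null 2>&1
    echo "$dir"
}

main() {
    # Demo: generate both sample certs and report what each one carries.
    dir=$(make_test_certs)
    for f in "$dir/rsa.pem" "$dir/ec.pem"; do
        printf '%s: %s\n' "$f" "$(cert_key_type "$f")"
    done
    rm -rf "$dir"
}

main
```

Point `cert_key_type` at the live `cert.pem` under `/etc/letsencrypt/live/<name>/` to see which key type Certbot issued on each server.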