Sub-domain with www get ERR SSL VERSION OR CIPHER MISMATCH

Hi all,
I’m using flexible SSL from Cloudflare
I have subdomain like test1.domain.com, test2.domain.com , all without www and with https is working find

https ://test1. domain .com > working
https ://test2. domain .com > working
https ://www,test1. domain .com > not working - error - ERR_SSL_VERSION_OR_CIPHER_MISMATCH
https ://www.test2. domain .com > not working - error - ERR_SSL_VERSION_OR_CIPHER_MISMATCH

My node server working on centos 6.5 and nginx/1.12.0
and I rewrite www to non-www with this code (but it not working as above)

server {
    server_name  www.test1.domain.com;
    rewrite ^(.*) https://test1.domain.com$1 permanent;
}

server {
        listen *:80;
        listen *:443;
    server_name     test1.domain.com;
	rewrite_log on;
	access_log off;
	root /domain/root_file/;
ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
ssl_ciphers EECDH+CHACHA20:EECDH+AES128:RSA+AES128:EECDH+AES256:RSA+AES256:EECDH+3DES:RSA+3DES:!MD5;
ssl_prefer_server_ciphers on;

    if ( $http_x_forwarded_proto != 'https' ) {
  return 301 https://$host$request_uri;
}
        include "/etc/nginx/Cloudflare.real.ip.conf";

}

what I miss here to fix this problem , I want to redirect all www to non-www from subdomain but its not passed from Cloudflare and give me ERR_SSL_VERSION_OR_CIPHER_MISMATCH

To use a *.test1.example.com SSL certificate, you need to purchase Cloudflare Dedicated SSL with Custom Hostname for $10/month. You need this since Cloudflare Universal SSL only provide *.example.com

4 Likes

Is this still applicable as of 2020?

I’m using *.sub.domain.com in origin pull certificate and having this error.

Regards.

If you see ERR SSL VERSION OR CIPHER MISMATCH in your browser this is a strong indicator that the hostname is not present on the SSL certificate located at our edge. @tanto259 is correct in that our free Univeral SSL service only covers the root and single-level sub-domains.

We are in the process of deprecating Dedicated Certificates and have replaced them with our new Advanced Certificate Manager. If you require mutli-level sub-domain support you will either need to purchase this feature or upgrade your Plan to Business so that you can upload a Custom Certificate.

1 Like