This site can’t provide a secure connection - GitHub Pages


#1

I have a Jekyll driven site hosted on GitHub Pages with a custom domain.

The site was working fine prior to this.

I started using CloudFlare and 24 hours later the site is not reachable. I get this:

This site can’t provide a secure connection
www.danaleegibson.com uses an unsupported protocol.
ERR_SSL_VERSION_OR_CIPHER_MISMATCH
HIDE DETAILS
Unsupported protocol
The client and server don’t support a common SSL protocol version or cipher suite.

I get the same thing if I try and visit the site using the NON-www:

This site can’t provide a secure connection
danaleegibson.com uses an unsupported protocol.
ERR_SSL_VERSION_OR_CIPHER_MISMATCH
HIDE DETAILS
Unsupported protocol
The client and server don’t support a common SSL protocol version or cipher suite.

The DNS settings look okay to me, but I might be missing something. The name servers are set to CloudFlare ones and I am only sending four A records through CloudFlare.

Please help! The Site is down and my only option is to drop CloudFlare.


#2

In Cloudflare’s Crypto Tab, do you have SSL enabled with an Active Certificate? And how is your SSL Set? Full? Flexible?

A search here for ERR_SSL_VERSION_OR_CIPHER_MISMATCH will bring up a ton of discussions on the error.


#3

Yes, the SSL Cert. is indicating active and it is set to Flexible.

It was originally set to Full. Does a change from Full to Flexible take 24 hours to take effect?

There are conflicting tutorials on whats best for GitHub Pages.

Yeah, a “ton” of discussions non of which I understand or seem applicable to me. :frowning:


#4

Full to Flexible, etc., are nearly instantaneous.

Ah, it’s not even using Cloudflare right now. Are your DNS entries here set to :orange:?


#5

I waited a few hours (after the first 24) and had no change, CloudFlare says everything is “working” or active.

So I tried to “pause” cloud flare so I could see the website. That didn’t work either.
When I paused CloudFlare I get an error:

Your connection is not private
Attackers might be trying to steal your information from danaleegibson.com (for example, passwords, messages, or credit cards). Learn more
NET::ERR_CERT_COMMON_NAME_INVALID

Some tutorials say FULL, other say Flexible.

I went through the Tutorial on CloudFlare, and I set things up as they say, I still can’t get to my website.


#6

I don’t get this, if I run:

$ dig +noall +answer example.com

It should confirm the A Record IP addresses I’m using, which should be the GitHub’s.
192.30.252.153
192.30.252.154

But mine resolve NOT to the A Record IP addresses I have in the DNS but rather to CloudFlare’s IP’s.
104.27.154.91
104.27.155.91

And I still can’t get this to work.
It is a simple, small website, I can’t see what I’m missing.


#7

For now, you’ve set it back to your old name servers. If you want to get it to work with Cloudflare, it’s best to work on the DNS issue from Cloudflare’s end. At least that way it has a short TTL to update IP addresses. If you :grey: the DNS entry, you should effectively have the working setup you currently have.


#8

I gave up.

I went back to GoDaddy and reset the nameservers and everything went back to normal.

I went over the tutorials and the DNS settings, I double checked everything and it would not work.

I am sure there was something simple I missed. But I do not have more than a day and a half to dedicate to trying to figure this out.

I can’t see what DNS issues I could have had. I have the 2 GitHub IP addresses, the one CNAME for the www forwarding it to the GitHub repository, and that is it. And I know they work because when I changed the name servers back everything went back to normal. If I had an issue with an “A” record or a CNAME it wouldn’t work in GoDaddy any better than CloudFlare.
I didn’t make any changes to CloudFlare’s default setting. I only started making adjustments when after 24 hours when I was getting the errors I mentioned.

I tried the Main Pause in the general tab. I would assume, according to the description, that would effectively turn off all of CloudFlare’s effects and services. It did not.


#9

Hi! This might be a little late but you almost did everything correctly. You can keep the SSL to “Full”. The one piece you were missing is this:

– you need to remove the custom domain name from Github and re-add it in 30 sec for Github to realize that your custom domain now supports HTTPS. this takes around a day for github to realize after you delete/re-add.

More info:

Hope this helped!