Tried various methods but Universal SSL still pending

I have a domain that was previously registered on DNSimple, and connected to a Wix page. DNSSEC was enabled, and a Let’s Encrypt certificate was issued, and the site worked fine.

I then signed up to Cloudflare, changed the nameservers in DNSimple, and set up DNS records (in Cloudflare) to point to a new (managed) host (Transistor.fm). They require “Full” encryption.

The site stopped resolving, with the error in Chrome:
This site can’t provide a secure connection [mydomain.com] uses an unsupported protocol.
ERR_SSL_VERSION_OR_CIPHER_MISMATCH
Unsupported protocol
The client and server don’t support a common SSL protocol version or cipher suite.

I’ve tried troubleshooting with the following steps:

  1. Removing the domain from Cloudflare and re-adding it.
  2. Removing the edge certificate and re-issuing. (Tried multiple times, waiting a few days each time).
  3. Turning off the orange cloud to use DNS only (the managed host issues its own certificate in this case, but this didn’t work either).
  4. Transferring my registrar from DNSimple to Cloudflare (I thought there might be something hanging around from the old DNSimple setup, so it’s now deleted in DNSimple and fully registered in Cloudflare Domains).

Note: if I navigate to the Transistor.fm-provided subdomain it works perfectly.

My edge certificate has always been “pending validation” and I haven’t been able to get it to activate. I have another domain on Cloudflare (using Cloudflare Pages) and it activated within 24 hours.

Just to add, I replicated the setup exactly with another domain (matching all the DNS records/setup) and it works correctly. The only difference between the two setups is that the other domain has a validated Edge Certificate, and the Edge Certificate for this domain is still pending and will not activate.

(Note: this other domain was never used before). Is it possible that my old Let’s Encrypt certificate is still hanging around somehow and causing a validation error?
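As an added diagnostic (not code from this post or the reply), the script below probes a hostname with SNI set, the way a browser does, and maps the handshake outcome onto the symptoms described above; it also checks whether a CAA record would stop a CA from issuing for the zone. It assumes `openssl` and `dig` are installed; `example.com` and the CA names are placeholders, and the CAA check is a general cause to rule out rather than something the thread establishes.

```shell
#!/bin/sh
# Added diagnostic, not code from this thread. Probes a hostname with SNI set,
# the way a browser does, and maps the handshake outcome onto the symptoms
# described above. Hostnames and CA names below are placeholders.

# classify_tls HOST: reads `openssl s_client` output from stdin, prints a
# verdict and returns 0 only when a valid certificate for HOST was served.
classify_tls() {
  host="$1"
  out=$(cat)
  if printf '%s\n' "$out" | grep -q 'no peer certificate available'; then
    echo "NO_CERT: no certificate offered for SNI '$host' (browser shows ERR_SSL_VERSION_OR_CIPHER_MISMATCH; on a proxied name, Universal SSL is not active yet)"
    return 2
  fi
  code=$(printf '%s\n' "$out" | sed -n 's/^Verify return code: \([0-9]*\).*/\1/p' | head -n 1)
  case "$code" in
    0)  echo "OK: valid certificate for '$host'"; return 0 ;;
    62) echo "NAME_MISMATCH: a certificate was served, but not for '$host'"; return 3 ;;
    "") echo "UNKNOWN: could not parse handshake output"; return 4 ;;
    *)  echo "CERT_ERROR: verify return code $code (expired, untrusted or self-signed)"; return 5 ;;
  esac
}

# probe_tls HOST [PORT]: live probe. -verify_hostname makes OpenSSL check the
# name itself, so a wrong-name certificate shows up as code 62 rather than 0.
probe_tls() {
  host="$1"; port="${2:-443}"
  openssl s_client -servername "$host" -verify_hostname "$host" \
    -connect "$host:$port" </dev/null 2>&1 | classify_tls "$host"
}

# caa_allows_issuer CA: reads `dig +short CAA DOMAIN` lines from stdin. A CAA
# set that omits the CA the edge provider uses blocks issuance silently, which
# can leave a certificate sitting in "pending"; no CAA at all permits any CA.
caa_allows_issuer() {
  ca="$1"
  records=$(grep -E '^[0-9]+ issue(wild)? ' || true)
  if [ -z "$records" ]; then
    echo "no CAA records: any CA may issue"; return 0
  fi
  if printf '%s\n' "$records" | grep -F -q "\"$ca\""; then
    echo "CAA permits $ca"; return 0
  fi
  echo "CAA present but does not list $ca: issuance will be refused"; return 1
}

# Usage (live checks, replace the placeholder):
#   probe_tls example.com
#   dig +short CAA example.com | caa_allows_issuer letsencrypt.org
```

Run `probe_tls` once with the name proxied (orange cloud) and once against the origin with the cloud grey to see which side lacks a certificate for the name.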

Hi, I am sorry you are experiencing issues with HTTPS on your domain name while using Cloudflare.

Can you share your domain name with us?
Is it Transistor.fm or some other?

  • server: Netlify
  • Working fine over HTTPS → not using Cloudflare nameservers (rather AWS DNS)

Indicates as follows:

May I ask you to try to disable the Universal SSL, then re-enable it? For the Universal SSL, yes, I remember this trick helped in some situations - but you still have to make sure you have a valid SSL certificate installed at your server/hosting.

Sounds to me like your SSL certificate expired and you have to renew it.

Kindly, may I ask you to:

  1. Temporarily enable the “Pause Cloudflare on Site” option from the Overview tab of the Cloudflare dashboard.
  2. Or, temporarily switch the A records for www and yourdomain.com to :grey: (DNS-only).

Furthermore, contact your web hosting provider, or, if you are a bit more experienced and are using cPanel or maybe Let’s Encrypt, start the process of renewing / reissuing an SSL certificate for your domain(s).

Once your website starts working and resolving over a secured (HTTPS) connection, disable the option (or, if you went the other way, switch back from :grey: to :orange: cloud).

Therefore, kindly check your SSL/TLS settings at the SSL/TLS tab of the Cloudflare dashboard for your domain name and make sure it’s set to Full (Strict) SSL.

Otherwise, I’d suggest you write a ticket to Cloudflare support about your account and/or domain issue (keep in mind it’s the weekend) and share the ticket number here with us: