I have a domain that was previously registered on DNSimple, and connected to a Wix page. DNSSEC was enabled, and a Let’s Encrypt certificate was issued, and the site worked fine.
I then signed up to Cloudflare, changed the nameservers in DNSimple, and set up DNS records (in Cloudflare) to point to a new (managed) host (Transistor.fm). They require “Full” encryption.
The site stopped resolving, with the error in Chrome:
This site can’t provide a secure connection
[mydomain.com] uses an unsupported protocol.
The client and server don’t support a common SSL protocol version or cipher suite.
I’ve tried troubleshooting with the following steps:
- Removing the domain from Cloudflare and re-adding it.
- Removing the edge certificate and re-issuing. (Tried multiple times, waiting a few days each time).
- Turning off the orange cloud to just DNS directly (the managed host will issue their own certificate in this case, but didn’t work).
- Transferring my registrar from DNSimple to Cloudflare (I thought there might be something hanging around from the old DNSimple setup, so it’s now deleted in DNSimple and fully registered in Cloudflare Domains).
Note: if I navigate to the Transistor.fm-provided subdomain it works perfectly.
My edge certificate has always been “pending validation” and I haven’t been able to get it to activate. I have another domain on Cloudflare (using Cloudflare Pages) and it activated within 24 hours.