We have an issue with a certain domain that is using Cloudflare for DNS etc… (original registrar is GoDaddy).
Currently we are unable to connect to the domain despite using the same settings as all previous domains linked to Cloudflare and just get the following error “ERR_SSL_VERSION_OR_CIPHER_MISMATCH” regardless of browser or device used.
On checking the Edge Certificate in Cloudflare for that domain it states the Universal certificate is deleted.

How can I get this fixed and get the universal certificate back in place and marked as active?
I have tried contacting support via email and just get the ticket auto closed.

Try changing CA using this API endpoint as it should cause Cloudflare to issue a new certificate:

Thanks Albert,

How do I do this? I have seen the commands but not sure how I run the commands or where, lol

I’ll try to walk you through it :slightly_smiling_face: Assuming you’re using Windows, do the following:

  1. Download the latest version of cURL here.
  2. Extract the .zip file by right-clicking → Extract All and follow the instructions.
  3. Enter the extracted folder (most likely called curl-7.79.1-win64-mingw) and then enter the bin folder.
  4. Click on the “current location”-bar in the explorer window. Delete everything in the text field and type cmd.
  5. Command Prompt should now open - don’t type anything yet!
  6. Open notepad and paste the following:
     curl -X PATCH "https://api.cloudflare.com/client/v4/zones/{zone_id}/ssl/universal/settings" ^
          -H "X-Auth-Email: {account_email}" ^
          -H "X-Auth-Key: {global_api_key}" ^
          -H "Content-Type: application/json" ^
          --data "{\"certificate_authority\":\"digicert\"}"
  7. Replace {zone_id}, {account_email} and {global_api_key} with their respective values.
  8. Copy everything from notepad and paste it into the Command Prompt window - then hit enter. You should usually not run commands from the internet without verifying them yourself, but let’s pretend you trust me completely :stuck_out_tongue:
  9. The command should complete without errors (look for "success": true), hopefully…
  10. A new certificate should be generated for your site!

Ok, attempted that and got the following:
{"success":false,"errors":[{"code":6007,"message":"Malformed JSON in request body"}],"messages":[],"result":null}

That might be Windows not liking single ticks - can you try --data "{\"certificate_authority\":\"digicert\"}"?

Thank you. It worked for me.

I assume this means success?

You’re correct!

I can confirm domain is working correctly now!

Thanks so much for your help and the mini guide, it helped a lot!!

Thank you again!!
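
The same settings change as the cURL walkthrough above, as an added PowerShell example that is not part of the original thread: the JSON body is built with ConvertTo-Json, so the hand-escaped quotes behind the "Malformed JSON in request body" error are not needed, and the credential is read from the environment instead of being pasted into a command. It assumes a scoped API token sent as a Bearer header (in place of the Global API key used in the thread) and the environment variable names CF_API_TOKEN and CF_ZONE_ID, which are assumptions.

```powershell
# Added example, not from the thread. Assumptions: the environment variable
# names CF_API_TOKEN and CF_ZONE_ID, and a scoped API token (Bearer auth)
# in place of the Global API key that the thread's cURL command uses.
$ErrorActionPreference = 'Stop'

# Windows PowerShell 5.1 on older systems may not offer TLS 1.2 by default.
[Net.ServicePointManager]::SecurityProtocol = [Net.SecurityProtocolType]::Tls12

$zoneId = $env:CF_ZONE_ID
$token  = $env:CF_API_TOKEN

# Fail early on missing or obviously wrong input instead of sending it.
if ([string]::IsNullOrWhiteSpace($token)) { throw 'CF_API_TOKEN is not set.' }
if ($zoneId -notmatch '^[0-9a-f]{32}$')   { throw 'CF_ZONE_ID should be 32 hex characters.' }

$uri     = "https://api.cloudflare.com/client/v4/zones/$zoneId/ssl/universal/settings"
$headers = @{ Authorization = "Bearer $token" }

# ConvertTo-Json does the quoting, so no \" escaping is required.
# 'digicert' is the value used in the thread.
$body = @{ certificate_authority = 'digicert' } | ConvertTo-Json -Compress

try {
    $resp = Invoke-RestMethod -Method Patch -Uri $uri -Headers $headers `
                              -ContentType 'application/json' -Body $body
}
catch {
    # On a 4xx/5xx the API's JSON error body, when available, is in ErrorDetails.
    $detail = if ($_.ErrorDetails) { $_.ErrorDetails.Message } else { $_.Exception.Message }
    throw "Request failed: $detail"
}

if (-not $resp.success) {
    $resp.errors | ForEach-Object { Write-Warning ("{0}: {1}" -f $_.code, $_.message) }
    throw 'API returned success=false.'
}

# Print only the returned settings object; the token is never echoed.
$resp.result | ConvertTo-Json
```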

