Universal SSL broken for specific domain (paused Universal SSL, re-enabled proxy)

Answer these questions to help the Community help you with Security questions.

What is the domain name?
wavect.at

Have you searched for an answer?
Yes

When you tested your domain, what were the results?
All other domains such as wavect.xyz and wavect.de work. The SSL certificate for wavect.at is stuck in pending state.

Describe the issue you are having:
Cipher mismatch.

What steps have you taken to resolve the issue?

  1. Disabled and re-enabled Universal SSL
  2. Waited 48h
  3. Re-enabled Proxy on the CNAME entries

Was the site working with SSL prior to adding it to Cloudflare?
No, new domain. But others work with same configuration: wavect[dot]de and wavect[dot]xyz

Have you tried from another browser and/or incognito mode?
Yes and mobile.

I did everything that I have read on the forum, etc. I disabled Universal SSL already, disabled and re-enabled the proxy, and waited a few days, etc. Nothing worked, while the other domains wavect.xyz and wavect.de with the same configs work fine.

You have a DNSSEC issue…
https://cf.sjr.org.uk/tools/check?88ea52677fc34f878f93084810087014#dns

You need to either disable DNSSEC at your registrar, or enable it at Cloudflare and copy the DS records to your registrar from your dashboard here…
https://dash.cloudflare.com/?to=/:account/:zone/dns/settings

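Added example, not part of the original posts and not Cloudflare's code: a Python sketch of the consistency check behind the advice above, deriving the DS record (RFC 4034 key tag plus SHA-256 digest) from each DNSKEY the DNS host serves and comparing it with the DS set published via the registrar. The zone name and keys are constructed placeholders, and the assumption is that the fault is a DS record left at the registrar with no matching DNSKEY at the DNS host.

```python
import hashlib
import struct

def name_to_wire(name: str) -> bytes:
    """Canonical (lowercase) DNS wire form of an owner name."""
    labels = [l for l in name.lower().rstrip(".").split(".") if l]
    return b"".join(bytes([len(l)]) + l.encode("ascii") for l in labels) + b"\x00"

def dnskey_rdata(flags: int, algorithm: int, pubkey: bytes) -> bytes:
    # flags (2 bytes) | protocol, always 3 | algorithm | public key
    return struct.pack("!HBB", flags, 3, algorithm) + pubkey

def key_tag(rdata: bytes) -> int:
    """Key tag per RFC 4034 Appendix B (not valid for algorithm 1)."""
    acc = sum(b << 8 if i % 2 == 0 else b for i, b in enumerate(rdata))
    acc += (acc >> 16) & 0xFFFF
    return acc & 0xFFFF

def make_ds(zone, flags, algorithm, pubkey):
    """DS tuple (key tag, algorithm, digest type 2, SHA-256 hex) for one DNSKEY."""
    rdata = dnskey_rdata(flags, algorithm, pubkey)
    digest = hashlib.sha256(name_to_wire(zone) + rdata).hexdigest()
    return (key_tag(rdata), algorithm, 2, digest)

def classify(zone, parent_ds, child_dnskeys):
    """parent_ds: DS tuples at the registry; child_dnskeys: (flags, alg, pubkey)."""
    if not parent_ds:
        return "insecure: no DS at registrar, zone resolves unsigned"
    if not child_dnskeys:
        return "bogus: DS at registrar but DNS host serves no DNSKEY"
    derived = {make_ds(zone, *k) for k in child_dnskeys}
    if derived & set(parent_ds):
        return "secure: DS matches a served DNSKEY"
    return "bogus: DS does not match any served DNSKEY"

# Constructed sample data: placeholder 64-byte keys, not real keys for any zone.
ZONE = "example.at"
OLD_KEY = (257, 13, bytes(range(64)))       # key of a previous DNS host
NEW_KEY = (257, 13, bytes(range(64, 128)))  # key of the current DNS host

if __name__ == "__main__":
    stale_ds = [make_ds(ZONE, *OLD_KEY)]
    print(classify(ZONE, stale_ds, []))         # DNSSEC off at the DNS host
    print(classify(ZONE, stale_ds, [NEW_KEY]))  # DNSSEC on, DS never updated
    print(classify(ZONE, [], [NEW_KEY]))        # remedy 1: DS removed
    print(classify(ZONE, [make_ds(ZONE, *NEW_KEY)], [NEW_KEY]))  # remedy 2
```

Real inputs would come from `dig DS <zone>` and `dig DNSKEY <zone>`; the two "bogus" outcomes are the ones validating resolvers answer with SERVFAIL.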

Awesome, thanks, trying it out!

Hello,

If the solution provided by SJR remedied the issue, please mark the post as a solution to better help other customers who may be having the same issue. If the issue is still present, please let us know what challenges you are facing.