Universal SSL edge certificate renewal issue

Answer these questions to help the Community help you with Security questions.

What is the domain name?

chiesadiconcorezzo.it

Have you searched for an answer?
Yes, and found a lot of similar issues reported by someone else.

Please share your search results url:
https://community.cloudflare.com/t/edge-certificate-disappeared-universal-ssl-is-enabled/396736/3

When you tested your domain using the [Cloudflare Diagnostic Center], what were the results?
Firstly there was issue with unproxied DNS entries, but after some fix everything is ok.

Describe the issue you are having:
The Universal SSL edge certificate is not being updated.

What error message or number are you receiving?
ERR_SSL_VERSION_OR_CIPHER_MISMATCH

What steps have you taken to resolve the issue?

  1. Turn off Universal SSL
  2. Wait 15 minutes
  3. Turn on Universal SSL
  4. Received the email saying a new certificate has been issued
  5. The SSL edge certificate setup page still report the old, expired, certificate

Was the site working with SSL prior to adding it to Cloudflare?
Yes

What are the steps to reproduce the error:

  1. Load the site
  2. f it seems to work CTRL+F5 to force reload
  3. At least for a while the error should appear

Have you tried from another browser and/or incognito mode?
Yes. Firefox and Chrome, Normal and Incognito modes

Please attach a screenshot of the error:

Hello there,

Did you check this #tutorial for the resolution? Did you check your DNSSEC?

The domain chiesadiconcorezzo.it does not currently use DNSSEC. Based on that data, there is no DNSSEC to check at this time.

Currently Im seeing the site chiesadiconcorezzo.it without any such cipher errors.

Are you still having an issue?

Around these recent days I did see that the original Digicert universal was removed - which is an indication of the previous still being set to DCV method HTTP instead of TXT method (as per recent CA policy change no longer allowing DCV HTTP for wildcard certs).

Then further on you now appear to have a new valid active Cert in place with the required TXT method applied.

Let us know if you have any further issues.

This topic was automatically closed 15 days after the last reply. New replies are no longer allowed.