Answer these questions to help the Community help you with Security questions.
What is the domain name?
Have you searched for an answer?
Yes, and found a lot of similar issues reported by someone else.
Please share your search results url:
When you tested your domain using the [Cloudflare Diagnostic Center], what were the results?
Firstly there was issue with unproxied DNS entries, but after some fix everything is ok.
Describe the issue you are having:
The Universal SSL edge certificate is not being updated.
What error message or number are you receiving?
What steps have you taken to resolve the issue?
Turn off Universal SSL
Wait 15 minutes
Turn on Universal SSL
Received the email saying a new certificate has been issued
The SSL edge certificate setup page still report the old, expired, certificate
Was the site working with SSL prior to adding it to Cloudflare?
What are the steps to reproduce the error:
Load the site
f it seems to work CTRL+F5 to force reload
At least for a while the error should appear
Have you tried from another browser and/or incognito mode?
Yes. Firefox and Chrome, Normal and Incognito modes
Please attach a screenshot of the error:
Did you check this
# for the resolution? Did you check your DNSSEC? tutorial
Try the suggestions in this Community Tip to help you fix ERR SSL VERSION OR
CIPHER MISMATCH in Chrome.
A website using HTTPS performs a series of steps between the browser and the web server to ensure the certificate and SSL/TLS connection is valid. These include a TLS handshake, the certificate being checked against the certificate authority, and decryption of the certificate. If Chrome detects an issue, it might display “ ERR_SSL_VERSION_OR_CIPHER_MISMATCH” which prevents a…
does not currently use DNSSEC. Based on that data, there is no DNSSEC to check at this time.
Currently Im seeing the site chiesadiconcorezzo.it without any such cipher errors.
Are you still having an issue?
Around these recent days I did see that the original Digicert universal was removed - which is an indication of the previous still being set to DCV method HTTP instead of
TXT method (as per recent CA policy change no longer allowing DCV HTTP for wildcard certs).
Then further on you now appear to have a new valid active Cert in place with the required
TXT method applied.
Let us know if you have any further issues.
This topic was automatically closed 15 days after the last reply. New replies are no longer allowed.