Weird SSL mismatch appeared!


Actually idk what went wrong here. Today I created a new subdomain; after I turned cf on I started to get a mismatch error. cf is on for all subdomains, including the main one.

[email protected]:~# curl -vvv
*   Trying
* Connected to ( port 443 (#0)
* ALPN, offering h2
* ALPN, offering http/1.1
* successfully set certificate verify locations:
*   CAfile: none
  CApath: /etc/ssl/certs
* TLSv1.3 (OUT), TLS handshake, Client hello (1):
* TLSv1.3 (IN), TLS alert, Server hello (2):
* error:14094410:SSL routines:ssl3_read_bytes:sslv3 alert handshake failure
* stopped the pause stream!
* Closing connection 0
curl: (35) error:14094410:SSL routines:ssl3_read_bytes:sslv3 alert handshake failure

In the backend I’m using Nginx + Let’s Encrypt. The SSL configuration on nginx is the same for all and all *

        ssl_protocols             TLSv1.1 TLSv1.2 TLSV1.3;
        ssl_prefer_server_ciphers on;
        ssl_certificate           /hostdata/;
        ssl_certificate_key       /hostdata/;
        ssl_dhparam               /ssl/dh2048.pem;
        ssl_session_cache         shared:SSL:5m;
        ssl_session_timeout       1d;
        ssl_stapling on;
        ssl_stapling_verify on;
        ssl_trusted_certificate   /hostdata/;

Options in Cloudflare are:

crypto => SSL => Full
crypto => Authenticated Origin Pulls => OFF
crypto => Minimum TLS Version => 1.0
crypto => TLS 1.3 => Tried Both On/Off the subdomain doesn't work

Any idea what I’ve done wrong here?! (The subdomain works on https if cf is off, but once I turn cf on it gets a mismatch err.)



This is a host on the second level of its domain and Cloudflare does not support such deep levels on their free universal certificates. You will need a $10/month dedicated certificate if you want that host on HTTPS. Alternatively you can unproxy it and point it straight to your server.

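The coverage rule from the answer above, as an added example that is not part of the thread and not Cloudflare's code. It assumes the free Universal certificate lists the zone apex plus one wildcard directly below it, and that a wildcard stands for exactly one DNS label; `example.com` and the hostnames are placeholders.

```python
"""Check which hostnames an apex-plus-one-wildcard certificate covers."""


def _labels(name):
    # DNS names are case-insensitive; ignore a trailing root dot.
    return name.lower().rstrip(".").split(".")


def san_matches(hostname, san):
    """RFC 6125-style match: '*' is only honoured as the whole leftmost
    label and stands for exactly one label, never several."""
    host, pat = _labels(hostname), _labels(san)
    if len(host) != len(pat) or "" in host:
        return False
    if pat[0] == "*":
        return host[1:] == pat[1:]
    return host == pat


def universal_sans(zone):
    # Assumption: the free certificate lists the zone apex and a single
    # wildcard one level below it.
    z = ".".join(_labels(zone))
    return [z, "*." + z]


def coverage(hostnames, zone):
    """Map each hostname to the SAN that covers it, or None if uncovered."""
    sans = universal_sans(zone)
    return {
        h: next((s for s in sans if san_matches(h, s)), None)
        for h in hostnames
    }


if __name__ == "__main__":
    # Constructed sample hostnames; example.com is a placeholder zone.
    hosts = ["example.com", "www.example.com", "api.dev.example.com"]
    for host, san in coverage(hosts, "example.com").items():
        status = f"covered by {san}" if san else "NOT covered"
        print(f"{host:25} {status}")
```

Any hostname reported as not covered needs either a certificate that names it or an unproxied DNS record, which are the two options the answer gives.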

lol I was 1h testing and testing, thanks for the info!