WWW links shows ERR SSL VERSION OR CIPHER MISMATCH, Unsupported protocol?

anduvatech · November 25, 2018, 6:43pm

We have been having an issue with all of our WWW links for sub domains showing this SSL error:

ERR_SSL_VERSION_OR_CIPHER_MISMATCH

Unsupported protocol
The client and server don’t support a common SSL protocol version or cipher suite.

Now non WWW works fine with valid SSL, no issue. If it comes to it we can just redirect all WWW to non WWW. If there is a fix for this, so we can use WWW within our links that would be great.

Our SSL shows active, not issuing.

Any help would be appropriated, thanks in advance.

sandro · November 25, 2018, 6:45pm

Not knowing the domain definitely makes it a lot easier to say anything

anduvatech · November 25, 2018, 6:46pm

You can see the error using this link

sandro · November 25, 2018, 6:47pm

Cloudflare does not offer HTTPS certificates for fourth-level domains, such as in your case.

sdayman · November 25, 2018, 6:48pm

…unless you get the $10/month dedicated certificate with Custom Hostnames. Then you can manually add a bunch of (deeper) subdomains.

anduvatech · November 25, 2018, 6:49pm

Without the WWW it works fine, why only the WWW do we get this error? Just seems odd. If we had a paid membership, will WWW work on sub domains?

sandro · November 25, 2018, 6:50pm

Please refer to my previous response.

Yes and no, as @sdayman already mentioned you can simply purchase the $10/month certificate option and will be able to cover such a host.

anduvatech · November 25, 2018, 6:53pm

Thank you, for now we will redirect WWW to non WWW and upgrade later on if needed. Thanks for all of your help.

sdayman · November 25, 2018, 7:48pm

You won’t be able to redirect www because that still requires an SSL connection. Hopefully there’s not a publicly advertised link to the www for that subdomain that users might try.

francesco · November 25, 2018, 10:10pm

or you can skip CF (grey cloud) and use a letsencrypt cert to make the redirect

sdayman · November 25, 2018, 10:13pm

I’m not particularly thrilled about exposing the origin IP address for that. That’s why I have a low-value droplet with an exposed IP address for such shenanigans that doesn’t host anything of value. I’d www.sub.example.com to an IP address on some other machine that will do the forwarding for me.

anduvatech · November 25, 2018, 11:44pm

Thanks for the advice, not thrilled about exposing IP, yet redirect within each .httaccess should work in not exposing the WWW for sub domains or at least in theory it should.

We had no idea of this issue until our affiliates started contacting us about the error with all of their tracking links, this is easy to update on our end though, besides that our main domain works fine with WWW and this is the only one we really advertise so no major issues here.

Thanks again for your help.

system · December 25, 2018, 6:43pm

This topic was automatically closed after 30 days. New replies are no longer allowed.