Universal SSL certificate still isn't validated after 48 hours.

Hi there, I've recently connected my domain (on Squarespace) to Cloudflare, and my Universal SSL certificate still isn't validated after 48 hours. My site gives the error "ERR_SSL_VERSION_OR_CIPHER_MISMATCH" and I think this is why. Hope someone can help me out. Greetings, mm6683.
10 Replies
Chaika (11mo ago)
Hey 👋 That error is related to your Universal SSL not being issued. What's your domain name?
˞˞#6683 (OP, 11mo ago)
midascloud.net
Chaika (11mo ago)
DNSSEC is enabled/configured at your Registrar, Squarespace, with an invalid configuration.
; EDE: 9 (DNSKEY Missing): (no SEP matching the DS found for midascloud.net.)
https://dnsviz.net/d/midascloud.net/dnssec/
You'll want to either outright disable DNSSEC, or update your DNSSEC configuration with the information Cloudflare gives you: https://developers.cloudflare.com/dns/additional-options/dnssec/
These changes to your DNSSEC configuration can be done at your Registrar, Squarespace.
˞˞#6683 (OP, 11mo ago)
Thank you, will do that.
Chaika (11mo ago)
Once you get DNSSEC fixed, Cloudflare should eventually retry and succeed in issuing the SSL cert. You could also disable Universal SSL under SSL → Edge Certifications, wait a few minutes, and re-enable it to try to speed it up; otherwise Cloudflare backs off/waits longer with each failure, so it may take a bit for it to retry again.
˞˞#6683 (OP, 11mo ago)
So the algorithm is set incorrectly (now set to PRIVATEOID). What does it need to be?
Chaika (11mo ago)
ECDSA / Algo 13
In the dashboard, under DNS -> Settings, you can click the "DS Record" drop-down to see the information you're supposed to set.
˞˞#6683 (OP, 11mo ago)
ok
Chaika (11mo ago)
Nice, looks like you fixed your DNSSEC config and it's working and secure now. I would disable Universal SSL for a few minutes and re-enable it, like I said, to give issuance a kick so that it tries again sooner. It might still be a bit, though, since you just fixed it.
˞˞#6683 (OP, 11mo ago)
Just tried to load my website; it works, and my SSL cert is active. Thx for the help.