ERR_SSL_VERSION_OR_CIPHER_MISMATCH - Edge Certificate pending validation
What is the name of the domain?
softinttech.org
What is the error message?
ERR_SSL_VERSION_OR_CIPHER_MISMATCH 1
What is the issue you’re encountering
ERR_SSL_VERSION_OR_CIPHER_MISMATCH 1
What steps have you taken to resolve the issue?
Removed and added the domain again to Cloudflare, still the Edge certificate is showing pending validation. I recently moved my domain from Cloudflare to Porkbun. After this, I’m facing this issue. But the NS is set properly in porkbub. I do have let’s encrypt in server.
What is the current SSL/TLS setting?
Full (strict)
https://community.cloudflare.com/t/err-ssl-version-or-cipher-mismatch-edge-certificate-pending-validation/722721/1
38 Replies
You possibly need to disable or reconfigure DNSSEC on both sides
Alright, I just configured DNSSEC on Porkbun. I copied values from Cloudfare
How long should I wait? I disabled and enabled the Uniersal SSL once now
Okay the dashboard says
DNSSEC is pending while we wait for the DS to be added to your registrar. This usually takes ten minutes, but can take up to an hour.I'll keep posted
Doesn't help.
It's still pending validation
Should I wait longer?
This is my current DNS records
the zone is in Active state right?
Meaning the domain? Yes
It's on Porkbun.
I modified all the settings. Nothing is working. Sad. 😢
So I repeated the process again
1. Removed the cloudflare
2. Added the domain again
3. Updated the nameserver
Again same issue
Show your DNS Records in cf (bluring anything sensitive), it looks like you've got a wildcard cname or something
Sadly, I don't have any wildcard record
DNS over Discord: A records
blah.blah.softinttech.org A @1.1.1.3 +noall +answer
diggy diggy hole
you've got one somewhere somehow
at the bottom of the dns records page, what does it say your Cloudflare nameservers are?
This.
Cool, so it looks like it just doesn't care about your dns settings at all. Your domain is spelled right, right? supposed to be
softinttech.org misspelled w/ two t's and not softintech.org?two
t is correct
soft int tech .orgThanks for confirming, this is something that would have to be escalated to support then, looks like there's a ghost dns zone overriding/it just doesn't care about yours and neither of us see anything obviously wrong with your setup. Trying to see the best way to go about that
Cool. Looking forward!
Strangely the API also doesn't return the ghost record.
this was escalated and they reached out on the community thread asking you to make a registrar ticket to be escalated as they think it's related to that (and also a record on your apex as another thing to try)
Thank you. Case ID:
01227438
and how to setup the apex?So they just closed the ticket, Because I'm on a free plan
DNS over Discord: A records
softinttech.org A @1.1.1.1 +noall +answer
diggy diggy hole
@Naveen MC do you have an ssl certificate at the endpoint?
Yes. I have let's encrypt
i would double check and make sure it's actually issued and current. I had this error before and based on my research it was due to the endpoint ssl cert not being issued yet.
Thanks David. Let me double check
Hi @David Wang Yes. I removed the cloudflare and double checked. The subdomains has own SSL certificates.
The moment I turn ON cloudflare, the error comes back again
Ssl is set to full (strict)?
the ssl setting won't matter for this error (though it should always be full strict regardless), the error happens because there's no edge certificate issued and there not being one issued is a cloudflare issue which is why chaika escalated it. i can only assume the ticket being closed was a mistake and I've already mentioned that on the escalation for someone to correct
Oh. I was mistaken. I couldn't /didn't see the whole error massage. Thanks for clarifying
no worries
Thank you
DNS over Discord: A records
softinttech.org A @1.1.1.1 +noall +answer
diggy diggy hole
DNS over Discord: A records
db.softinttech.org A @1.1.1.1 +noall +answer
diggy diggy hole