Let's Encrypt ERR_SSL_VERSION_OR_CIPHER_MISMATCH

Published 1 month ago by skeith22

Digital Ocean

Ubuntu 16.04.04 LTS NGINX 1.14.0 MYSQL 8.0+ PHP 7.2+

I have 2 domains

1. test.domain.com
2. admin.test.domain.com

My test.domain.com is working fine after creating a certificate, but admin.test.domain.com is not.

Has anyone encountered this before after newly creating a certificate?

Here is my server block in NGINX.

test.domain.com IS WORKING FINE.

server {
    root "/var/www/beta/latest/public";
    server_name test.domain.com;

    index index.php;

    access_log /var/log/nginx/beta_access_log;
    error_log /var/log/nginx/beta_error_log;

    client_max_body_size 2M;

    location / {
        try_files $uri $uri/ /index.php?$query_string;
    }

    location ~ \.php$ {
        include /etc/nginx/fastcgi.conf;
        fastcgi_pass unix:/run/php/php7.2-fpm.sock;
    }

    location ~ /\.ht {
        deny all;
    }

    listen 443 ssl; # managed by Certbot
    ssl_certificate /etc/letsencrypt/live/test.domain.com/fullchain.pem; # managed by Certbot
    ssl_certificate_key /etc/letsencrypt/live/test.domain.com/privkey.pem; # managed by Certbot
    include /etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot
    ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; # managed by Certbot
}

server {
    if ($host = test.domain.com) {
        return 301 https://$host$request_uri;
    } # managed by Certbot


    listen 80;
    server_name test.domain.com;
    return 404; # managed by Certbot
}

Here is the one for admin.test.domain.com, which is not working.

NOTE: HTTP is working fine. HTTPS is not.

This site can’t provide a secure connection

admin.test.domain.com uses an unsupported protocol.

ERR_SSL_VERSION_OR_CIPHER_MISMATCH

server {
    root "/var/www/beta/latest/public";
    server_name admin.test.domain.com;

    index index.php;

    access_log /var/log/nginx/admin.test_access_log;
    error_log /var/log/nginx/admin.test_error_log;

    client_max_body_size 2M;

    location / {
        try_files $uri $uri/ /index.php?$query_string;
    }

    location ~ \.php$ {
        include /etc/nginx/fastcgi.conf;
        fastcgi_pass unix:/run/php/php7.2-fpm.sock;
    }

    location ~ /\.ht {
        deny all;
    }

    # managed by Certbot
    listen 443 ssl; # managed by Certbot
    ssl_certificate /etc/letsencrypt/live/admin.test.domain.com/fullchain.pem; # managed by Certbot
    ssl_certificate_key /etc/letsencrypt/live/admin.test.domain.com/privkey.pem; # managed by Certbot
    include /etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot
    ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; # managed by Certbot
}

server {
    if ($host = admin.test.domain.com) {
        return 301 https://$host$request_uri;
    } # managed by Certbot

    server_name admin.test.domain.com;
    listen 80;
    return 404; # managed by Certbot
}

Removing the SSL cert and returning to HTTP works fine.

Best Answer (As Selected By skeith22)
skeith22

@NickVahalik @Cronix I found out what's causing the HTTPS error: Cloudflare's DNS. I disabled it and everything worked.

NickVahalik

Are you running TLS v1.3? You should be running TLS v1.3. What does /etc/letsencrypt/options-ssl-nginx.conf look like?

Cronix

How long ago did you create the DNS record for admin.test.domain.com? If it was really recent, it might not have propagated to Let's Encrypt yet. I've had to wait for it before, so that's why I'm mentioning it.

skeith22

@NickVahalik It's not enabled.

ssl_session_cache shared:le_nginx_SSL:1m;
ssl_session_timeout 1440m;

ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
ssl_prefer_server_ciphers on;

I will enable TLSv1.3 and try again.

@Cronix HTTP is working fine, but HTTPS is not.

It's working fine on test.domain.com; it's not on admin.test.domain.com.

skeith22

@NickVahalik Still no luck.

I created another test subdomain and it's working fine with a new cert. I wonder what's causing this error.

skeith22

@NickVahalik @Cronix I found out what's causing the HTTPS error: Cloudflare's DNS. I disabled it and everything worked.

NickVahalik

Glad to hear @skeith22 !

skeith22

@NickVahalik It's just weird because my other subdomains are working with encryption enabled. But anyway, thanks for helping :D
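An added example, not part of the original thread: a small triage helper for the situation resolved above, where the nginx blocks for both hosts are identical and the failure disappears once the DNS proxy is turned off. It decides which endpoint answers the TLS handshake and whether that endpoint's certificate names cover the hostname. The IPs and SAN lists are constructed, and the proxy's edge SAN list is an assumption, since the thread never shows what certificate the proxy presented.

```python
"""Triage a per-hostname TLS failure when a DNS proxy may sit in front of nginx.
All IPs and SAN lists are constructed sample data, not values from the thread."""

def san_covers(hostname, sans):
    """True if a SAN matches hostname; '*' stands for exactly one left-most label."""
    host = hostname.lower().rstrip(".").split(".")
    for san in sans:
        pat = san.lower().rstrip(".").split(".")
        if len(pat) != len(host):
            continue  # a wildcard never spans more than one label
        if pat[0] == "*" and len(pat) > 2:
            if pat[1:] == host[1:]:
                return True
        elif pat == host:
            return True
    return False

def diagnose(hostname, resolved_ips, origin_ip, origin_sans, edge_sans):
    """Return (endpoint answering the handshake, whether its cert covers hostname)."""
    if origin_ip in resolved_ips:
        # DNS points straight at the server: the Certbot-managed nginx cert is served.
        return "origin", san_covers(hostname, origin_sans)
    # DNS points elsewhere: a proxy terminates TLS and the nginx ssl_* lines are never reached.
    return "proxy", san_covers(hostname, edge_sans)

ORIGIN_IP = "203.0.113.10"                   # constructed (TEST-NET-3)
PROXY_IPS = ["198.51.100.7", "198.51.100.8"]  # constructed (TEST-NET-2)
EDGE_SANS = ["domain.com", "*.domain.com"]    # assumption: one-level wildcard at the proxy

CASES = [  # (hostname, what DNS returns, SANs on the origin's Let's Encrypt cert)
    ("test.domain.com", PROXY_IPS, ["test.domain.com"]),
    ("admin.test.domain.com", PROXY_IPS, ["admin.test.domain.com"]),
    ("admin.test.domain.com", [ORIGIN_IP], ["admin.test.domain.com"]),
]

def run_cases():
    """Run every constructed case and return (hostname, endpoint, covered) tuples."""
    return [(h,) + diagnose(h, ips, ORIGIN_IP, sans, EDGE_SANS) for h, ips, sans in CASES]

if __name__ == "__main__":
    for host, endpoint, covered in run_cases():
        verdict = "certificate covers host" if covered else "no matching certificate"
        print(f"{host}: handshake answered by {endpoint}, {verdict}")
```

On a live system the two inputs come from a DNS lookup of the hostname and from the subject alternative names of the certificate each endpoint presents.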
