I was setting up SSL for a domain using Cloudflare along with nginx-acme and nginx-proxy, but I got the error ERR_SSL_VERSION_OR_CIPHER_MISMATCH when testing.
Checking the container logs, everything looked alright.
The SSL Labs toolkit shows the error “Failed to communicate with the secure server”:

Looking it up, I found
https://community.cloudflare.com/t/failed-to-communicate-with-the-secure-server/186871
which links to
https://developers.cloudflare.com/ssl/troubleshooting/version-cipher-mismatch
Then I found that the root cause was that I was using a multi-level subdomain:

One easy way to fix it is to merge the multiple levels from <subdomain1>.<subdomain2> to <subdomain1>-<subdomain2>.
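The check below is an added example, not part of the original post. It assumes the zone's default certificate lists only the apex and a single-level wildcard (`example.com` and `*.example.com`, constructed names), which is what Cloudflare Universal SSL issues, and it shows why a multi-level name is not covered while the merged name is. The function names are hypothetical.

```python
# Added example: which hostnames does a zone's default certificate cover?
# Assumption: the certificate's names are the apex and "*.<zone>" only.

def wildcard_matches(pattern: str, hostname: str) -> bool:
    """Certificate name matching: '*' stands for exactly one left-most label."""
    p = pattern.lower().rstrip(".").split(".")
    h = hostname.lower().rstrip(".").split(".")
    if len(p) != len(h):          # a wildcard never spans several labels
        return False
    if p[0] == "*":
        return bool(h[0]) and p[1:] == h[1:]
    return p == h


def covered(hostname: str, zone: str) -> bool:
    """True if the apex or the single-level wildcard matches the hostname."""
    return any(wildcard_matches(name, hostname) for name in (zone, f"*.{zone}"))


def flatten(hostname: str, zone: str) -> str:
    """Merge extra subdomain levels with '-' so one level remains."""
    hostname, zone = hostname.lower().rstrip("."), zone.lower().rstrip(".")
    if hostname == zone:
        return hostname
    suffix = "." + zone
    if not hostname.endswith(suffix):
        raise ValueError(f"{hostname} is not inside zone {zone}")
    return hostname[: -len(suffix)].replace(".", "-") + suffix


def report(hostnames, zone):
    """Return (hostname, covered?, suggested name) for each hostname."""
    return [(h, covered(h, zone), h if covered(h, zone) else flatten(h, zone))
            for h in hostnames]


if __name__ == "__main__":
    # Constructed sample hostnames for a constructed zone.
    for row in report(["example.com", "app.example.com",
                       "api.staging.example.com"], "example.com"):
        print(row)
```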
But sometimes we do need multi-level subdomains, for example when we deploy L2s for our clients. We want them to get resource URLs such as:
In that case, we will use Cloudflare’s Advanced Certificates add-on feature that covers more than one level of subdomain.
Once we have purchased the package, we need to order those advanced certificates, such as:

Then we can use the feature to issue certs when it becomes active:

