I was setting up SSL for a domain using cloudflare along with nginx-acme
and nginx-proxy
but I got error ERR_SSL_VERSION_OR_CIPHER_MISMATCH
when testing.
Checking the container logs, everything looks alright.
By using SSL Labs toolkit, it shows error “Failed to communicate with the secure server”:
Looking it up, I found
which links to
Then I found the root cause was I was using a multi-level subdomain:
One easy way to fix it is to merge the multiple levels from <subdomain1>.<subdomain2>
to <subdomain1>-<subdomain2>
.
But sometimes we do need multi-level subdomains. For example, when we deploy L2s for our clients. We want them to get resource URLs such as:
In that case, we will use Cloudflare’s Advanced Certificates add-on feature that covers more than one level of subdomain.
One we purchased the package, we need to order those advanced certificates such as:
Then we can use the feature to issue certs when it becomes active: