Cannot Establish TSL/SSL Connection with Cloudflare

If a domain cannot establish a TSL/SSL connection when using Cloudflare, it is likely because Cloudflare requires a Server Name Indication (SNI) at the virtual host level, in addition to the listener level.

You may see the following notice in your Chrome or Firefox browser: 

The site can't provide a secure connection
example.com users an unsupported protocl
ERR_SSL_VERSION_OR_CIPHER_MISMATCH

Or, you may see this: 

Secure Connection Failed
An error occurred during a connection to example.com. Peer reports incompatible or unsupported protocol version.
Error code: SSL_ERROR_PROTOCOL_VERSION_ALERT

Solution

Add SSL key/certificate configuration at vhost level under the SSL tab. Even if the configurations are identical, CloudFlare requires SNI to be set at both the virtual host level and the listener level. Do so, and the problem should go away.

  • Admin
  • Last modified: 2021/10/23 18:07
  • by George Wang