Cipher mismatch or error in SSL version

mystique · December 11, 2022, 5:49am

ERR_SSL_VERSION_OR_CIPHER_MISMATCH

Please fill out the fields below so we can help you better. Note: you must provide your domain name to get help. Domain names for issued certificates are all made public in Certificate Transparency logs (e.g. crt.sh | example.com), so withholding your domain name here does not increase secrecy, but only makes it harder for us to provide help.

My domain is:
dheerajfavs.myasustor.com

I ran this command:
Unable to access this website from another country when that domain is accessed

It produced this output:
This site can't provide a secure connection
domain uses an unsupported protocol
ERR_SSL_VERSION_OR_CIPHER_MISMATCH

My web server is (include version):
Apache Http server 2.4.54.r16

The operating system my web server runs on is (include version):
Asustor @ ADM 4.1.0.RLQ1

My hosting provider, if applicable, is: myasustor.com

I can login to a root shell on my machine (yes or no, or I don't know):
yes

I'm using a control panel to manage my site (no, or provide the name and version of the control panel): no

The version of my client is (e.g. output of certbot --version or certbot-auto --version if you're using Certbot):
certbot 2.1.0

mystique · December 11, 2022, 5:52am

Hello,
I've used Let's Encrypt to general a SSL certificate for my webserver hosted on Asustor. But when my domain is accessed from another country(tested using VPN) or from a different network, chrome is saying ERR_SSL_VERSION_OR_CIPHER_MISMATCH.

I also tested SSL certificate using ssl labs
https://www.ssllabs.com/ssltest/analyze.html?d=dheerajfavs.myasustor.com

Got grade F

Can you please let me know what the issue is?

rg305 · December 11, 2022, 6:18am

Hi @mystique, and welcome to the LE community forum

The problem is within your Asustor device.
How does it manage its' certificates?
Does is use IPv4 and IPv6?

Name:      dheerajfavs.myasustor.com
Addresses: 2601:646:9b82:98f0:7a72:64ff:fe40:9f5
           98.51.80.36

mystique · December 11, 2022, 6:23am

I'm not sure about how it manages certificates. I installed let's encrypt for generating the certificate though. It uses IPv4. I haven't enabled IPv6 yet.

rg305 · December 11, 2022, 6:30am

DNS shows an IPv6 address.

Is that recommended?
Are you following some guide?

mystique · December 11, 2022, 6:35am

I'm not sure about IPv6. But from this result page, server cannot be connected on that address.
https://www.ssllabs.com/ssltest/analyze.html?d=dheerajfavs.myasustor.com

Yes, I'm following this guide

Followed this exactly. Step 3.2 says to get certi from Let's Encrypt.

rg305 · December 11, 2022, 7:02am

Well, if you followed the guide...
Then it has failed you.

Let's do some troubleshooting.
Please show:
apachectl -t -D DUMP_VHOSTS

system · January 10, 2023, 7:03am

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.