Err_ssl_version_ or_cipher_mismatch

I have a server with a self signed certificate and as it is causing troubles lately, I decided to see if certbot has any solution for my Ubuntu 14.04

I found that certbot can be installed via snapd, so I've installed snapd and then installed certbot. Then I generated the certs.
The /etc/letsencrypt/ folder was created and the following lines:

SSLCertificateFile /etc/letsencrypt/live/
SSLCertificateKeyFile /etc/letsencrypt/live/
Include /etc/letsencrypt/options-ssl-apache.conf
SSLCertificateChainFile /etc/letsencrypt/live/

were added to my apache2 config file.

After service apache2 reload, the show the error message: uses un unsupported protocol and

I can see that the same file already had:
SSLEngine On
SSLOptions +StrictRequire
SSLProtocol TLSv1

So I replaced the last line by:
SSLProtocol TLSv1.1 TLSv1.2 TLSv1.3 but no change in the result.

As a consequence of the error message I was wondering if I could update the openssl from the version I have: OpenSSL 1.0.1f 6 Jan 2014
to a newer one in order to have a Certbot's supported protocol

I am stuck here, since I don't know how to upgrade openssl or the upgrade will break the ubuntu.

Any idea how to overcome this problem?

Thank you!!


My domain is:
I ran this command: on chrome or other browsers
It produced this output: uses an unsupported protocol. ERR_SSL_VERSION_OR_CIPHER_MISMATCH
My web server is (include version): apache2
The operating system my web server runs on is (include version): Ubuntu 14.04
My hosting provider, if applicable, is: n/a
I can login to a root shell on my machine (yes or no, or I don't know): yes
I'm using a control panel to manage my site (no, or provide the name and version of the control panel): none
The version of my client is (e.g. output of certbot --version or certbot-auto --version if you're using Certbot): 1.20.0

Some of your settings may have been corrupted during the installation. You may be missing the SSLCipherSuite or similar.

Try using the mozilla security tool to generate settings, then compare and update your config file:


Hi @alela and welcome to the LE community forum :slight_smile:

Ubuntu 14 and OpenSSL 1.0.1f are quite old.
I'm not sure if they support the protocols and ciphers requested; as shown by the error message:
"unsupported protocol and ERR_SSL_VERSION_OR_CIPHER_MISMATCH"

You could either update OpenSSL or review the ciphers it supports, with:
openssl ciphers
and ensure you only use supported ones.


This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.