Getting SSL_ERROR_NO_CYPHER_OVERLAP

Please fill out the fields below so we can help you better. Note: you must provide your domain name to get help. Domain names for issued certificates are all made public in Certificate Transparency logs (e.g. crt.sh | example.com), so withholding your domain name here does not increase secrecy, but only makes it harder for us to provide help.

My domain is: fta-vacations.com

I ran this command: sudo certbot renew --allow-subset-of-names

It produced this output:

My web server is (include version): APACHE2 with STUNNEL
The operating system my web server runs on is (include version):
My hosting provider, if applicable, is: self
I can login to a root shell on my machine (yes or no, or I don't know): YES
I'm using a control panel to manage my site (no, or provide the name and version of the control panel): No
The version of my client is (e.g. output of certbot --version or certbot-auto --version if you're using Certbot): certbot 2.6.0

Oh my god.

What ciphers have you configured in stunnel?

3 Likes

ciphers =
EDH+CAMELLIA:EDH+aRSA:EECDH+aRSA+AESGCM:EECDH+aRSA+SHA384:EECDH+aRSA+SHA256:EECDH:
+CAMELLIA256:+AES256:+CAMELLIA128:+AES128:
+SSLv3:!aNULL!eNULL:!LOW:!3DES:!MD5:!EXP:!PSK:!DSS:!RC4:!SEED:!ECDSA:
CAMELLIA256-SHA:AES256-SHA:CAMELLIA128-SHA:AES128-SHA

try with

ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384:DHE-RSA-CHACHA20-POLY1305

from Mozilla SSL Configuration Generator

5 Likes
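An added example, not part of the thread or any poster's code: a Python check that expands the two cipher strings quoted above with the local OpenSSL and groups the resulting TLS 1.2-and-earlier suites by the certificate key type they authenticate with (the `Au=` field). The function name `cert_key_types` is made up for this example, and the exact suites listed depend on the local OpenSSL build.

```python
import re
import ssl

# Cipher strings copied from the thread (stunnel "ciphers =" values).
OLD = ("EDH+CAMELLIA:EDH+aRSA:EECDH+aRSA+AESGCM:EECDH+aRSA+SHA384:"
       "EECDH+aRSA+SHA256:EECDH:"
       "+CAMELLIA256:+AES256:+CAMELLIA128:+AES128:"
       "+SSLv3:!aNULL!eNULL:!LOW:!3DES:!MD5:!EXP:!PSK:!DSS:!RC4:!SEED:!ECDSA:"
       "CAMELLIA256-SHA:AES256-SHA:CAMELLIA128-SHA:AES128-SHA")
NEW = ("ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:"
       "ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:"
       "ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:"
       "DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384:"
       "DHE-RSA-CHACHA20-POLY1305")


def cert_key_types(cipher_string):
    """Map each authentication type (RSA, ECDSA, ...) to the suites that
    the OpenSSL cipher string enables for TLS 1.2 and earlier."""
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_SERVER)
    ctx.set_ciphers(cipher_string)  # raises ssl.SSLError if nothing matches
    by_auth = {}
    for suite in ctx.get_ciphers():
        # TLS 1.3 suites are not governed by this string; skip them.
        if suite["protocol"] == "TLSv1.3":
            continue
        # OpenSSL's description line carries the auth type as "Au=<type>".
        match = re.search(r"Au=(\S+)", suite["description"])
        auth = match.group(1) if match else "unknown"
        by_auth.setdefault(auth, []).append(suite["name"])
    return by_auth


if __name__ == "__main__":
    for label, string in (("old", OLD), ("new", NEW)):
        print(f"{label} list ({ssl.OPENSSL_VERSION}):")
        for auth, names in sorted(cert_key_types(string).items()):
            print(f"  Au={auth}: {len(names)} suite(s), e.g. {names[0]}")
```

A server whose only certificate has a key type missing from this output has no TLS 1.2 suite it can offer, so compare the result with the key type of the certificate stunnel actually loads.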

THANK YOU!!! I've been pulling my hair out, thinking it was an X1 or X2 CA cert issue.

2 Likes
