WordPress Site Error: Site uses an unsupported protocol


#1

Hey guys,

I recently was issued a cert by Let’s Encrypt and I went through the AWS how-to guide https://docs.bitnami.com/aws/how-to/generate-install-lets-encrypt-ssl/. However, when I go to my site after completing the tutorial, I get an error which reads:

This site can’t provide a secure connection
DOMAIN uses an unsupported protocol.
ERR_SSL_VERSION_OR_CIPHER_MISMATCH

I think that I set everything up properly, but I can’t tell if I missed something. My site is a WordPress site and the AMI it is on is bitnami-wordpress-4.8.1-0-linux-ubuntu-14.04-x86_64-hvm-ebs-mp-7d426cb7-9522-4dd7-a56b-55dd8cc1c8d0-ami-b0efcccb.4 (ami-844daafe).

Any help would be much appreciated. Thanks!


#2

Hi @jkollin14,

What’s your domain name?


#3

avalonpaintingllc.com


#4

Your server doesn’t seem to accept TLS connections at all. Could you take a look in your Bitnami server error logs to see if it explains why not?


#5

Sure thing, I get these:

[Sun May 06 18:17:13.558410 2018]: Got error ‘PHP message: ** Detecting configuration **\nPHP message: plugin version: 2.5.26\nPHP message: Opening testpage to check for SSL: https://avalonpaintingllc.com/wp-content/plugins/really-simple-ssl/ssl-test-page.php\nPHP message: test page url, enter in browser to check manually: https://avalonpaintingllc.com/wp-content/plugins/really-simple-ssl/ssl-test-page.php\nPHP message: No SSL detected. No certificate, or the testpage is blocked by security settings. The SSL testpage returned the error: cURL error 35: error:14077410:SSL routines:SSL23_GET_SERVER_HELLO:sslv3 alert handshake failure\nPHP message: siteurl or home url defines found in wpconfig\n’, referer: http://avalonpaintingllc.com/wp-admin/plugins.php?plugin_status=all&paged=1&s


#6

Any other errors? That message shows one consequence of the problem, rather than the underlying reason…


#7

I’m going back in the logs now, it looks like all of the errors are redundant.


#8

Here we go, I got this:

Server certificate does NOT include an ID which matches the server name

What is that referring to?
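
The log line quoted in the post above reports that none of the names inside the configured certificate equals the server name the web server is configured with. The following is an added example, not part of the thread and not the web server's own code, that reproduces that comparison on dictionaries shaped like the output of Python's `ssl.SSLSocket.getpeercert()`; the sample certificates are constructed, and the wildcard rules (left-most label only, one label deep) are the usual RFC 6125 ones, taken here as an assumption.

```python
"""Check whether a server name is covered by a certificate's identities."""


def cert_dns_names(cert: dict) -> list[str]:
    """Return DNS identities from a dict shaped like ssl.SSLSocket.getpeercert()."""
    sans = [v for k, v in cert.get("subjectAltName", ()) if k == "DNS"]
    if sans:
        return sans
    # Legacy fallback: use the subject commonName only when no DNS SAN exists.
    return [v for rdn in cert.get("subject", ()) for k, v in rdn if k == "commonName"]


def name_matches(pattern: str, host: str) -> bool:
    """Case-insensitive match; '*' is allowed only as the whole left-most label."""
    p = pattern.lower().rstrip(".").split(".")
    h = host.lower().rstrip(".").split(".")
    if len(p) != len(h):
        return False  # a wildcard covers exactly one label
    if p[0] == "*":
        # Require two fixed labels after the wildcard so "*.com" never matches.
        return len(p) >= 3 and bool(h[0]) and p[1:] == h[1:]
    return p == h


def covers(cert: dict, server_name: str) -> bool:
    """True if any identity in the certificate matches server_name."""
    return any(name_matches(n, server_name) for n in cert_dns_names(cert))


# Constructed sample certificates (not taken from the thread).
ISSUED_FOR_OTHER_NAME = {
    "subject": ((("commonName", "www.example.com"),),),
    "subjectAltName": (("DNS", "www.example.com"),),
}
WILDCARD = {
    "subject": ((("commonName", "example.org"),),),
    "subjectAltName": (("DNS", "example.org"), ("DNS", "*.example.org")),
}
NO_SAN = {"subject": ((("commonName", "shop.example.net"),),)}

if __name__ == "__main__":
    for cert, name in [(ISSUED_FOR_OTHER_NAME, "example.com"),
                       (WILDCARD, "blog.example.org"),
                       (WILDCARD, "a.b.example.org"),
                       (NO_SAN, "shop.example.net")]:
        status = "matches" if covers(cert, name) else "does NOT match"
        print(f"{name}: certificate {status} ({', '.join(cert_dns_names(cert))})")
```

The first sample is the typical cause of the message: a certificate issued for `www.example.com` installed on a virtual host whose server name is the bare `example.com`.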


#9

I just noticed that you’re behind the CloudFlare CDN! Did you realize that and did you intend that?

Let’s Encrypt certificates aren’t ever visible to the public when used by CloudFlare customers (unless you have a very expensive CloudFlare plan). There’s no security benefit to using a Let’s Encrypt certificate behind CloudFlare compared to the CloudFlare origin CA.

The Let’s Encrypt setup process, if done wrong, could still be interfering with your site’s availability, so we can still try to debug it… but it might not end up giving you any particular benefit overall.


#10

Yeah, I had issues with the Cloudflare origin CA so I thought I would try another service. I’ll go back to trying to debug that. Thanks for the help!

