This error usually means Cloudflare can’t establish a secure connection with your origin server due to an SSL/TLS mismatch. Since you were previously using SSL on Apache and just moved to Cloudflare, here’s how to troubleshoot it step-by-step:
🔍 What the Error Means
ERR_SSL_VERSION_OR_CIPHER_MISMATCH indicates that:
- The browser and server don’t agree on a common SSL/TLS protocol or cipher.
- Cloudflare can’t present a valid certificate for your domain.
- Your origin server may be misconfigured or using outdated SSL settings.
✅ Fixes You Should Try
1. Check Cloudflare SSL Mode
Log into your Cloudflare dashboard:
- Go to SSL/TLS > Overview
- Make sure SSL mode is set to Full or Full (Strict)
Avoid Flexible, as it can cause issues with sites that already have SSL.
2. Verify Edge Certificate Status
- Go to SSL/TLS > Edge Certificates
- Look for the Universal SSL certificate for your domain.
- Make sure its status is Active
If it’s still initializing, it can take up to 24 hours after DNS propagation.
3. Ensure DNS Records Are Proxied
- Go to DNS > Records
- Make sure your A or CNAME records for site.com are set to Proxied (orange cloud icon).
If they’re DNS only, Cloudflare won’t serve SSL for that subdomain.
4. Check Apache SSL Configuration
On your origin server:
- Make sure Apache is listening on port 443.
- Confirm that your SSL certificate is valid and not expired.
- Ensure you’re using modern TLS protocols (e.g., TLS 1.2 or 1.3) and not deprecated ones like SSLv3 or TLS 1.0.
Example Apache config snippet:
<VirtualHost *:443>
    ServerName site.com
    SSLEngine on
    SSLCertificateFile /path/to/cert.pem
    SSLCertificateKeyFile /path/to/key.pem
    SSLCertificateChainFile /path/to/chain.pem
    SSLProtocol all -SSLv2 -SSLv3 -TLSv1 -TLSv1.1
    SSLCipherSuite HIGH:!aNULL:!MD5
</VirtualHost>
5. Temporarily Pause Cloudflare
If you need to test directly:
- Go to Overview > Advanced Actions
- Click Pause Cloudflare on Site
- Then access your site directly via its IP or domain to confirm SSL is working.
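For step 4, an added example (not part of the original answer): a small Python check that reads Apache config text and reports which vhosts still enable deprecated protocols through SSLProtocol. The `legacy.example` vhost is constructed sample input, and treating `all` as SSLv3 through TLSv1.3 is an assumption, since the real set depends on the Apache and OpenSSL build.

```python
import re

# Assumption: "all" is modelled as every version mod_ssl has mapped to it.
ALL = {"SSLv3", "TLSv1", "TLSv1.1", "TLSv1.2", "TLSv1.3"}
DEPRECATED = {"SSLv3", "TLSv1", "TLSv1.1"}

# Constructed sample: the vhost from step 4 plus a hypothetical weak one.
SAMPLE = """\
<VirtualHost *:443>
    ServerName site.com
    SSLProtocol all -SSLv2 -SSLv3 -TLSv1 -TLSv1.1
</VirtualHost>
<VirtualHost *:443>
    ServerName legacy.example
    SSLProtocol all -SSLv3
</VirtualHost>
"""

def enabled_protocols(args):
    """Apply SSLProtocol tokens in order: '+' adds, '-' removes, bare replaces."""
    enabled = set()
    for token in args.split():
        action = token[0] if token[0] in "+-" else ""
        name = token[1:] if action else token
        if name.lower() == "sslv2":  # unsupported by current mod_ssl; skipped
            continue
        group = ALL if name.lower() == "all" else {p for p in ALL if p.lower() == name.lower()}
        if not group:
            raise ValueError(f"unknown SSLProtocol token: {token!r}")
        if action == "-":
            enabled -= group
        elif action == "+":
            enabled |= group
        else:
            enabled = set(group)
    return enabled

def audit(config_text):
    """Map each ServerName to the deprecated protocols its SSLProtocol leaves on."""
    findings, server = {}, "(global)"
    for line in (raw.strip() for raw in config_text.splitlines()):
        if line.lower().startswith("</virtualhost"):
            server = "(global)"
        m = re.match(r"(ServerName|SSLProtocol)\s+(.+)", line, re.I)
        if m and m.group(1).lower() == "servername":
            server = m.group(2)
        elif m:
            findings[server] = sorted(enabled_protocols(m.group(2)) & DEPRECATED)
    return findings
```

Pass the text of your own vhost files to `audit()`; an empty list for a ServerName means only TLS 1.2 and 1.3 remain enabled there.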