My custom domain is showing SSL Mismatch error

Question

After I added a custom domain to my app, when I visit that domain it shows me a SSL version or cipher mismatch error.

This site can’t provide a secure my-website.com uses an unsupported protocol.
ERR_SSL_VERSION_OR_CIPHER_MISMATCH

Answer 1

crashoverride October 6, 2020

This can happen when the CNAME isn’t yet configured before adding it to app. Our TLS certificate issuer caches the NXDOMAIN (not found) DNS record, and the TLS certificate issuing is delayed. Normally it resolves automatically once the NXDOMAIN cache expires in about 30 minutes.

Reply Report

WoLfulus October 6, 2020

At least for me this only happens when using DigitalOcean Domains, when I tried with CloudFlare it worked flawlessly. It would be nice to mention that it needs to be added before adding it to the app though. Saves a lot of headaches.

Edit: it’s been quite a while since I added the domain, and I’m still receiving ERR_SSL_VERSION_OR_CIPHER_MISMATCH
Reply Report

Answer 2

WoLfulus October 6, 2020

At least for me this only happens when using DigitalOcean Domains, when I tried with CloudFlare it worked flawlessly. It would be nice to mention that it needs to be added before adding it to the app though. Saves a lot of headaches.

Edit: it’s been quite a while since I added the domain, and I’m still receiving ERR_SSL_VERSION_OR_CIPHER_MISMATCH
Reply Report

Answer 3

FTX514 October 6, 2020

I have the same problem,
Many hours, and the problem persist. :(

Reply Report

Answer 4

flvb86 October 7, 2020

I made the error of adding the custom domain before the DNS entry was refreshed (due to TTL time). I’ve destroyed custom domain and added it again and now it works.

Reply Report

timurbakibayev October 10, 2020

It didn’t work for me though.
What I have noticed, is:
my provider automatically adds a point in the end of the url when CNAME is created. So,
CNAME: https://kuanysh-kz-ogwcw.ondigitalocean.app.
URL: https://kuanysh-kz-ogwcw.ondigitalocean.app

and even if I simply follow that ondigitalocean url with a dot in the end, my certificate fails. It is not related to the domain.

But my domain provider does not allow creating CNAMEs without a dot in the end.

Don’t know what to do.

The idea with APPs in Digital Ocean is great, btw.
Reply Report

Answer 5

timurbakibayev October 10, 2020

It didn’t work for me though.
What I have noticed, is:
my provider automatically adds a point in the end of the url when CNAME is created. So,
CNAME: https://kuanysh-kz-ogwcw.ondigitalocean.app.
URL: https://kuanysh-kz-ogwcw.ondigitalocean.app

and even if I simply follow that ondigitalocean url with a dot in the end, my certificate fails. It is not related to the domain.

But my domain provider does not allow creating CNAMEs without a dot in the end.

Don’t know what to do.

The idea with APPs in Digital Ocean is great, btw.
Reply Report

Answer 6

Trunksome October 15, 2020

I seem to have the same issue. What I want to do is point a subdomain to my DO app.

Added a new app (the feature is great btw!), deployed it, and then added a new CNAME entry to my DO networking (DNS is managed by DO).
Then getting “ERRSSLVERSIONORCIPHER_MISMATCH”.

What did I do wrong here?

Reply Report

crashoverride October 15, 2020

👋 @Trunksome

Submitting the CNAME in App Platform before adding the record in the DO networking tab causes App Platform to register the domain with CloudFlare before it exists. There is a 30 minute TTL on this record then your domain will start working.

However, as a workaround you can remove the custom domain, let your app deploy, then re-add the custom domain and it should start working almost instantly.

We are currently working on enhanced domain support that should fix this confusing workflow.
Reply Report
- Trunksome October 16, 2020
  
  Thank you for your quick reply!
  I added the custom domain in the app dashboard after adding the CNAME entry in the networking tab, and after maybe 2 minutes it worked.
  
  Reply Report
- bluevounder January 13, 2021
  
  @crashoverride I have a similar issue in that mydomain.com works fine, however, www.mydomain.com does not and I recieve ERRSSLVERSIONORCIPHER_MISMATCH. The CNAME is set up to point to mydomain.com and I’ve tried adding and removing all custom domains but still, the problem persists… Do you have any suggestions?
  
  Reply Report
  
  crashoverride January 13, 2021
  
  👋 @bluevounder
  
  Hmm, I’m not immediately sure what’s going on, can you please submit a support ticket so we can take a deeper look?
  
  https://do.co/2RvJI2Y
  
  Thanks!
  
  Reply Report

Answer 7

crashoverride October 15, 2020

👋 @Trunksome

Submitting the CNAME in App Platform before adding the record in the DO networking tab causes App Platform to register the domain with CloudFlare before it exists. There is a 30 minute TTL on this record then your domain will start working.

However, as a workaround you can remove the custom domain, let your app deploy, then re-add the custom domain and it should start working almost instantly.

We are currently working on enhanced domain support that should fix this confusing workflow.
Reply Report
- Trunksome October 16, 2020
  
  Thank you for your quick reply!
  I added the custom domain in the app dashboard after adding the CNAME entry in the networking tab, and after maybe 2 minutes it worked.
  
  Reply Report
- bluevounder January 13, 2021
  
  @crashoverride I have a similar issue in that mydomain.com works fine, however, www.mydomain.com does not and I recieve ERRSSLVERSIONORCIPHER_MISMATCH. The CNAME is set up to point to mydomain.com and I’ve tried adding and removing all custom domains but still, the problem persists… Do you have any suggestions?
  
  Reply Report
  
  crashoverride January 13, 2021
  
  👋 @bluevounder
  
  Hmm, I’m not immediately sure what’s going on, can you please submit a support ticket so we can take a deeper look?
  
  https://do.co/2RvJI2Y
  
  Thanks!
  
  Reply Report

Related

Question

My custom domain is showing SSL Mismatch error

Related

Leave a comment

Looking for something else?

Sign up for our newsletter

Related

Question

My custom domain is showing SSL Mismatch error

Related

Leave a comment

Related

question

Why am I getting a Deploy Error: Health Checks?

question

How can I see the build logs for my application if the build was skipped for a deployment?

question

How can I use private git submodules in my app?

question

What does a "Development Database" mean in the context of the App Platform?

Looking for something else?