Related

Why am I getting a Deploy Error: Health Checks? Question Question
How can I see the build logs for my application if the build was skipped for a deployment? Question Question

Question

My custom domain is showing SSL Mismatch error

Posted October 6, 2020 2.5k views
DigitalOcean App Platform

After I added a custom domain to my app, when I visit that domain it shows me a SSL version or cipher mismatch error.

This site can’t provide a secure my-website.com uses an unsupported protocol.
ERR_SSL_VERSION_OR_CIPHER_MISMATCH
Add a comment
By:
crashoverride

Related

Why am I getting a Deploy Error: Health Checks? Question Question
How can I see the build logs for my application if the build was skipped for a deployment? Question Question

These answers are provided by our Community. If you find them useful, show some love by clicking the heart. If you run into issues leave a comment, or add your own answer to help others.

×
Submit an Answer
4 answers
crashoverride October 6, 2020

This can happen when the CNAME isn’t yet configured before adding it to app. Our TLS certificate issuer caches the NXDOMAIN (not found) DNS record, and the TLS certificate issuing is delayed. Normally it resolves automatically once the NXDOMAIN cache expires in about 30 minutes.

Reply Report
  • WoLfulus October 6, 2020

    At least for me this only happens when using DigitalOcean Domains, when I tried with CloudFlare it worked flawlessly. It would be nice to mention that it needs to be added before adding it to the app though. Saves a lot of headaches.

    Edit: it’s been quite a while since I added the domain, and I’m still receiving ERR_SSL_VERSION_OR_CIPHER_MISMATCH

    Reply Report
FTX514 October 6, 2020

I have the same problem,
Many hours, and the problem persist. :(

Reply Report
flvb86 October 7, 2020

I made the error of adding the custom domain before the DNS entry was refreshed (due to TTL time). I’ve destroyed custom domain and added it again and now it works.

Reply Report
Trunksome October 15, 2020

I seem to have the same issue. What I want to do is point a subdomain to my DO app.

Added a new app (the feature is great btw!), deployed it, and then added a new CNAME entry to my DO networking (DNS is managed by DO).
Then getting “ERRSSLVERSIONORCIPHER_MISMATCH”.

What did I do wrong here?

Reply Report
  • crashoverride October 15, 2020

    👋 @Trunksome

    Submitting the CNAME in App Platform before adding the record in the DO networking tab causes App Platform to register the domain with CloudFlare before it exists. There is a 30 minute TTL on this record then your domain will start working.

    However, as a workaround you can remove the custom domain, let your app deploy, then re-add the custom domain and it should start working almost instantly.

    We are currently working on enhanced domain support that should fix this confusing workflow.

    Reply Report
  • 1001 January 23, 2021

    I have the exact same issue… Domain is showing the “Configuring” status but nothing changes (for hours and hours). Resubmitted like 5 times now - nothing seems to work. Quite frustrating.

    I have another domain that’s set up similarly in digital ocean networking and there it works. And with external DNS servers it also works.

    Reply Report
    • tobymccann March 24, 2021

      I also have the issue. It seems it has not been addressed. Using Google Domains/DNS. Tried various permutations all day long. It shouldn’t be this difficult.

      It would be good to be able to see some logs re: status of SSL cert and dns provisioning.

      Reply Report

Related

Looking for something else?

Ask a new question Search for more help