After I added a custom domain to my app, when I visit that domain it shows me a SSL version or cipher mismatch error.

This site can’t provide a secure my-website.com uses an unsupported protocol.
ERR_SSL_VERSION_OR_CIPHER_MISMATCH

These answers are provided by our Community. If you find them useful, show some love by clicking the heart. If you run into issues leave a comment, or add your own answer to help others.

×
4 answers

This can happen when the CNAME isn’t yet configured before adding it to app. Our TLS certificate issuer caches the NXDOMAIN (not found) DNS record, and the TLS certificate issuing is delayed. Normally it resolves automatically once the NXDOMAIN cache expires in about 30 minutes.

  • At least for me this only happens when using DigitalOcean Domains, when I tried with CloudFlare it worked flawlessly. It would be nice to mention that it needs to be added before adding it to the app though. Saves a lot of headaches.

    Edit: it’s been quite a while since I added the domain, and I’m still receiving ERR_SSL_VERSION_OR_CIPHER_MISMATCH

I have the same problem,
Many hours, and the problem persist. :(

I made the error of adding the custom domain before the DNS entry was refreshed (due to TTL time). I’ve destroyed custom domain and added it again and now it works.

I seem to have the same issue. What I want to do is point a subdomain to my DO app.

Added a new app (the feature is great btw!), deployed it, and then added a new CNAME entry to my DO networking (DNS is managed by DO).
Then getting “ERRSSLVERSIONORCIPHER_MISMATCH”.

What did I do wrong here?

  • 👋 @Trunksome

    Submitting the CNAME in App Platform before adding the record in the DO networking tab causes App Platform to register the domain with CloudFlare before it exists. There is a 30 minute TTL on this record then your domain will start working.

    However, as a workaround you can remove the custom domain, let your app deploy, then re-add the custom domain and it should start working almost instantly.

    We are currently working on enhanced domain support that should fix this confusing workflow.

    • Thank you for your quick reply!
      I added the custom domain in the app dashboard after adding the CNAME entry in the networking tab, and after maybe 2 minutes it worked.

Submit an Answer