#Universal SSL certificate still isn't validated after 48 hours.

Hi there,

I've recently connected my domain (on squarespace) to cloudflare, my universal SSL certificate still isn't validated after 48 hours.

My site gives the error "ERR_SSL_VERSION_OR_CIPHER_MISMATCH" and I think this is why.

Hope someone can help me out.

Greetings,
mm6683.

Hey 👋

That error is related to your universal ssl not being issued.

What's your domain name?

midascloud.net

DNSSEC is enabled/configured at your Registrar, Squarespace, with an invalid configuration.

; EDE: 9 (DNSKEY Missing): (no SEP matching the DS found for midascloud.net.)

https://dnsviz.net/d/midascloud.net/dnssec/

You’ll want to either outright disable DNSSEC, or update your DNSSEC configuration with the information Cloudflare gives you:
https://developers.cloudflare.com/dns/additional-options/dnssec/

These changes to your DNSSEC Configuration can be done at your Registrar, Squarespace

Thank you, will do that.

Once you get DNSSEC fixed Cloudflare should eventually retry and succeed issuing the ssl cert. You could also disable Universal SSL under SSL → Edge Certifications, wait a few minutes, re-enable to try to speed it up, otherwise Cloudflare backs off/waits longer with each failure so it may take a bit for it to retry again.

so the algorithm is set incorrectly (now set to PRIVATEOID) what does it need to be?

ECDSA / Algo 13

In the dashboard, under DNS -> Settings, you can click "DS Record" drop down to see the information you're supposed to set

ok

Nice, looks like you fixed your dnssec config and it's working and secure now. I would disable universal ssl for a few minutes and re-enable like I said as well to give issuance a kick/so that it tries again sooner, might still be a bit though since you just fixed it