#ERR_SSL_VERSION_OR_CIPHER_MISMATCH - Edge Certificate pending validation
Alright, I just configured DNSSEC on Porkbun. I copied values from Cloudflare
How long should I wait? I disabled and enabled the Universal SSL once now
Okay the dashboard says
DNSSEC is pending while we wait for the DS to be added to your registrar. This usually takes ten minutes, but can take up to an hour.
I'll keep posted
Doesn't help.
It's still pending validation
Should I wait longer?
These are my current DNS records
the zone is in Active state right?
I modified all the settings. Nothing is working. Sad. 😢
So I repeated the process again
- Removed the cloudflare
- Added the domain again
- Updated the nameserver
Again same issue
Show your DNS Records in cf (blurring anything sensitive), it looks like you've got a wildcard cname or something
blah.blah.softinttech.org A @1.1.1.3 +noall +answer
NAME | TTL | DATA
--------------------------+------+---------------
blah.blah.softinttech.org | 300s | 172.67.137.140
blah.blah.softinttech.org | 300s | 104.21.62.168
you've got one somewhere somehow
at the bottom of the dns records page, what does it say your Cloudflare nameservers are?
This.
Cool, so it looks like it just doesn't care about your dns settings at all. Your domain is spelled right, right? supposed to be softinttech.org misspelled w/ two t's and not softintech.org?
Thanks for confirming, this is something that would have to be escalated to support then, looks like there's a ghost dns zone overriding/it just doesn't care about yours and neither of us see anything obviously wrong with your setup. Trying to see the best way to go about that
Cool. Looking forward!
Strangely the API also doesn't return the ghost record.
this was escalated and they reached out on the community thread asking you to make a registrar ticket to be escalated as they think it's related to that (and also a record on your apex as another thing to try)
So they just closed the ticket, because I'm on a free plan
softinttech.org A @1.1.1.1 +noall +answer
NAME | TTL | DATA
----------------+------+---------------
softinttech.org | 300s | 172.67.137.140
softinttech.org | 300s | 104.21.62.168
@alpine narwhal do you have an ssl certificate at the endpoint?
Yes. I have let's encrypt
i would double check and make sure it's actually issued and current. I had this error before and based on my research it was due to the endpoint ssl cert not being issued yet.
Thanks David. Let me double check
Hi @old night Yes. I removed the cloudflare and double checked. The subdomains have their own SSL certificates.
The moment I turn ON cloudflare, the error comes back again
Ssl is set to full (strict)?
the ssl setting won't matter for this error (though it should always be full strict regardless), the error happens because there's no edge certificate issued and there not being one issued is a cloudflare issue which is why chaika escalated it. i can only assume the ticket being closed was a mistake and I've already mentioned that on the escalation for someone to correct
Oh. I was mistaken. I couldn't/didn't see the whole error message. Thanks for clarifying
no worries
Thank you
softinttech.org A @1.1.1.1 +noall +answer
NAME | TTL | DATA
----------------+------+---------------
softinttech.org | 300s | 104.21.62.168
softinttech.org | 300s | 172.67.137.140
db.softinttech.org A @1.1.1.1 +noall +answer
NAME | TTL | DATA
-------------------+------+---------------
db.softinttech.org | 300s | 104.21.62.168
db.softinttech.org | 300s | 172.67.137.140
Case ID: 01227438
Cloudflare support is super slow. Things I did so far
- Moved the domain name back to porkbun
- Paused and resumed Cloudflare
- Turned off Proxy for 24 hours and enabled it
- Disabled DNSSEC for 24 hours and enabled it
- Disabled Universal Certificate for 24 hours and enabled it
- Even if the orange cloud is off, DNS checkers not showing the IP (Meaning Cloudflare is not resolving the DNS too)
Can I upgrade to Pro plan for better support? I'm losing business due to this issue
Have you tried turning off TLSv1.3 and HSTS? Or temporarily disable “Automatic HTTPS Rewrites” and then use HTTP to access it until a new edge certificate is enacted?