ERR_SSL_VERSION_OR_CIPHER_MISMATCH after Letsencrypt certificate

[paulvanleest]

After running the unifi_ssl_import.sh and succesfully updating the keystore, browsers would not accept the certificate. The error displayed in Edge is ERR_SSL_VERSION_OR_CIPHER_MISMATCH, and you are unable to get to the webinterface.

To solve this I edited the "system.properties" file located in the data directory, and added this line:
unifi.https.ciphers=TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA,TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256,TLS_ECDHE_ECDSA_WITH_AES_128_CCM,TLS_ECDHE_ECDSA_WITH_AES_128_CCM_8,TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256,TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA,TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384,TLS_ECDHE_ECDSA_WITH_AES_256_CCM,TLS_ECDHE_ECDSA_WITH_AES_256_CCM_8,TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384,TLS_ECDHE_ECDSA_WITH_ARIA_128_GCM_SHA256,TLS_ECDHE_ECDSA_WITH_ARIA_256_GCM_SHA384,TLS_ECDHE_ECDSA_WITH_CAMELLIA_128_CBC_SHA256,TLS_ECDHE_ECDSA_WITH_CAMELLIA_256_CBC_SHA384,TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256

Since this is caused by adjusting the keystore this should be addressed here I think. This post might help other users and there might be a better way to tackle this issue. The only difference I could find within the keystores was the used encryption: Where Unifi has RSA 4069, the new one has SHA256withRSA.

[MatthK]

Thanks for that. It hit me today and I suddenly couldn't access my Unifi Controller anymore. Adding this line did the trick and it works fine again.

[spudster23]

@paulvanleest I logged in just to thank you for that. I migrated my unifi controller to a new server and used @stevejenkins script but got the same error and this resolved it.

[paulvanleest]

Great, thanks for the credits, you are very welcome!