Cloudflare Proxy

shadowgaming100 · August 21, 2024, 11:36am

i have my vercel website with custom domain proxy with cloudflare, when cloudflare proxy in on i get

This site can’t provide a secure connection

bootstrap.icons.cdn.mycodelab.is-cool.dev uses an unsupported protocol.

ERR_SSL_VERSION_OR_CIPHER_MISMATCH

without cloudflare proxy i can access it normal, i have my ssl config to full

i have check the Documentation

i did all the steps written there and still does not load the website

pawlean · August 21, 2024, 11:40am

Could you share your URL with us to check DNS?

I’ll also share some similar threads by other users:

shadowgaming100 · August 21, 2024, 11:43am

https://bootstrap.icons.cdn.mycodelab.is-cool.dev/

shadowgaming100 · August 21, 2024, 11:45am

@pawlean here is the picture of my dns records and SSL/TLS encryption config

pawlean · August 21, 2024, 11:50am

From your screenshot, there’s a warning sign next to your CNAME config. What does it say?

I also took a look at the DNS Checker and found that your CNAME is not showing up.

shadowgaming100 · August 21, 2024, 11:51am

This hostname is not covered by a certificate. To ensure full coverage, purchase Advanced Certificate Manager to use Total TLS for full certificate coverage of proxied hostnames.

shadowgaming100 · August 21, 2024, 11:52am

@pawlean it should never show cname right because of cloudflare proxy

pawlean · August 21, 2024, 12:03pm

I think you’ve got your answer there! Could you get a certificate?

Cross-posting this guide in case it’s helpful

shadowgaming100 · August 21, 2024, 12:59pm

but for other hosting providers it still works when on proxy

shadowgaming100 · August 21, 2024, 1:00pm

can you give me an example for this for vercel.json

pawlean · August 21, 2024, 6:46pm

Could you try the steps outlined in the Troubleshooting section in the relevant docs?

Both Cloudflare and Vercel utilize the ACME protocol—with SSL providers like Let’s Encrypt—to issue certificates. To validate domain ownership, the protocol sends an HTTP (not HTTPS) request to /.well-known/acme-challenge/<id> on your server.

Cloudflare has a variety of services that, depending on their configuration, could block the ACME protocol verification checks, resulting in Vercel failing to issue TLS certificates properly:

Page Rules

Access

Bot Fight Mode

To avoid disruption, the following path:

http://<YOUR_DOMAIN>/.well-known/acme-challenge/*

Must be excluded from page rules, bot protection, or bypassed inside Access.

shadowgaming100 · August 22, 2024, 10:53am

it already has a certificate because when i unproxy and check using sslchecker it shows that it already has a certificate

i have no rules and i have disabled features that will block it

shadowgaming100 · August 24, 2024, 7:35am

@pawlean hello? Is there any solution

pawlean · August 24, 2024, 1:30pm

Could you try disabling any setting you have on Cloudflare? For example:

shadowgaming100 · August 25, 2024, 8:11am

@pawlean i have done that already and it does not work

shadowgaming100 · August 27, 2024, 9:08am

@pawlean hello? I am waiting for a response

system · September 26, 2024, 9:09am

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.

Topic		Replies	Views
Cloudflare DNS with vercel hosting Help nextjs , domains	3	67	August 14, 2024
Cloudflare Proxy Issue Help domains	16	70	August 24, 2024
Cloudflare proxy no SSL subdomain Help domains	3	26	August 16, 2024
Invalid Configuration Cloudflare Proxy Help domains	5	15	January 3, 2025
Custom domain stuck on "Generating SSL Certificate" Help domains	8	28	December 19, 2024

Cloudflare Proxy

Related topics