So I’ve been trying to get this resolved for a few days and have hit a dead end. Details below.
Web server with Let's Encrypt SSL cert installed.
DNS A record points to the IP and is set to DNS only, bypassing Cloudflare.
Web server can be reached internally and externally on the listening port tcp.8123 and shows the certificate is installed and chained properly.
DNS is updated to proxied; Cloudflare is now inline.
Cloudflare throws
400: Bad Request
Website is set to respond on :8443, but from what I read that should work.
Suggestions for the best way to troubleshoot? If I bypass Cloudflare caching and just use it for DNS, the site works. Some incompatibility between Cloudflare and the site.
You’d need to check your access/error logs at the origin to understand why it is returning an HTTP 400.
May I ask what you are using for the web server … Apache, Nginx, or something else maybe?
Additionally, you can temporarily enable the “Pause Cloudflare for this site” option for the duration of the troubleshooting.
Or rather, you do not see this error when unproxied (DNS-only)?
8123 =/= 8443. Does the site respond on 8443 with a valid certificate?
Yes, when Cloudflare is bypassed, the site responds using HTTPS over tcp/8443 and presents a valid Let's Encrypt cert which shows proper chaining and which matches the FQDN.
It seems this feature in Home Assistant was added in July last year, so it is still somewhat new, but under the core logs there was an entry for each connection attempt and the IP of the proxy server.
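The last post mentions that the Home Assistant core log records the proxy IP for each connection attempt. The following is an added example (not code from the thread, from Home Assistant or from Cloudflare) of turning those log entries into a check: it pulls the connecting IPs out of constructed sample log lines, tests each one against a snapshot of Cloudflare's published IPv4 edge ranges, and renders the `http:` block that Home Assistant's `configuration.yaml` uses to declare which reverse proxies it will accept `X-Forwarded-For` from. Assumptions, labelled in the code: the log line format is made up for illustration; the CIDR list is a point-in-time copy and must be refreshed from https://www.cloudflare.com/ips-v4; and `use_x_forwarded_for` / `trusted_proxies` are the relevant Home Assistant settings.

```python
import ipaddress
import re
from typing import Dict, Iterable, List

# Snapshot of Cloudflare's published IPv4 edge ranges. Assumption: this is a
# point-in-time copy; refresh it from https://www.cloudflare.com/ips-v4 before use.
CLOUDFLARE_IPV4 = [
    "173.245.48.0/20", "103.21.244.0/22", "103.22.200.0/22", "103.31.4.0/22",
    "141.101.64.0/18", "108.162.192.0/18", "190.93.240.0/20", "188.114.96.0/20",
    "197.234.240.0/22", "198.41.128.0/17", "162.158.0.0/15", "104.16.0.0/13",
    "104.24.0.0/14", "172.64.0.0/13", "131.0.72.0/22",
]

# Constructed sample log excerpt (not real Home Assistant output): one line per
# connection attempt, ending with the IP that connected to the origin.
SAMPLE_LOG = """\
2024-01-10 20:15:01 WARNING connection attempt via untrusted proxy 172.71.134.22
2024-01-10 20:15:03 WARNING connection attempt via untrusted proxy 162.158.90.7
2024-01-10 20:15:05 WARNING connection attempt via untrusted proxy 203.0.113.45
"""

_IPV4 = re.compile(r"\b(?:\d{1,3}\.){3}\d{1,3}\b")


def extract_proxy_ips(log_text: str) -> List[str]:
    """Return the last IPv4 address on each log line, de-duplicated, in order seen."""
    seen: Dict[str, None] = {}
    for line in log_text.splitlines():
        found = _IPV4.findall(line)
        if found:
            seen.setdefault(found[-1], None)
    return list(seen)


def match_cloudflare(ips: Iterable[str],
                     ranges: Iterable[str] = CLOUDFLARE_IPV4) -> Dict[str, str]:
    """Map each IP to the Cloudflare CIDR that contains it, or '' if none does."""
    nets = [ipaddress.ip_network(r) for r in ranges]
    result: Dict[str, str] = {}
    for ip in ips:
        addr = ipaddress.ip_address(ip)
        result[ip] = next((str(n) for n in nets if addr in n), "")
    return result


def trusted_proxies_yaml(ranges: Iterable[str] = CLOUDFLARE_IPV4) -> str:
    """Render an http: block for Home Assistant's configuration.yaml.

    Assumption: use_x_forwarded_for and trusted_proxies are the settings that tell
    Home Assistant which reverse proxies may supply X-Forwarded-For. Whole CIDRs
    are listed rather than single IPs because the Cloudflare edge address that
    reaches the origin changes from request to request.
    """
    lines = ["http:", "  use_x_forwarded_for: true", "  trusted_proxies:"]
    lines += [f"    - {r}" for r in ranges]
    return "\n".join(lines) + "\n"


if __name__ == "__main__":
    ips = extract_proxy_ips(SAMPLE_LOG)
    for ip, net in match_cloudflare(ips).items():
        verdict = f"Cloudflare {net}" if net else "NOT Cloudflare: investigate"
        print(f"{ip:16} {verdict}")
    print(trusted_proxies_yaml())
```

An IP that does not match any range (the `203.0.113.45` sample above) means something other than Cloudflare reached the origin port directly, which is worth knowing before trusting any forwarded header. Declaring proxies as trusted only tells the application to believe `X-Forwarded-For` from those addresses; it does not stop a client that connects straight to tcp/8443 from forging that header, so the origin port should additionally be restricted to Cloudflare's ranges at the firewall, or the origin should require Cloudflare's Authenticated Origin Pulls client certificate.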