Argo Tunnel SSL Issue


#1

Hi,

We’re experimenting with Argo Tunnel on a Windows box.

The Windows box runs a website on port 443 which is secured using a wildcard certificate which has *.internaldomain.com as the common name.

We can see Argo Tunnel create a tunnel but when we connect from outside through Cloudflare we can see the errors below in Argo Tunnel “x509: certificate signed by unknown authority”

The certificate is from DigiCert so isn’t an “unknown authority” – what are we missing please? :blush:

PS C:\cloudflared-stable-windows-amd64> .\cloudflared.exe --hostname files.externaldomain.com --origin-server-name *.internaldomain.com https://localhost:443

INFO[0000] cloudflared will not automatically update when run from the shell. To enable auto-updates, run cloudflared as a service: https://developers.cloudflare.com/argo-tunnel/reference/service/

INFO[0000] Proxying tunnel requests to https://localhost:443

WARN[0000] error obtaining the system certificates: %scrypto/x509: system root pool is not available on Windows

INFO[0000] Starting metrics server                       addr="127.0.0.1:54651"

INFO[0001] Connected to LHR

INFO[0002] Connected to MAN

INFO[0003] Connected to LHR

INFO[0004] Connected to MAN

INFO[0013] GET https://localhost:443/ HTTP/1.1           CF-RAY=414264ebfb926a25-LHR

ERRO[0013] HTTP request error                            error="x509: certificate signed by unknown authority"

INFO[0013] GET https://localhost:443/ HTTP/1.1           CF-RAY=414264ecec9b6a25-LHR

ERRO[0013] HTTP request error                            error="x509: certificate signed by unknown authority"

#2

Instead of *.internaldomain can you try a specific hostname? Either internaldomain.com or foo.internaldomain.com


#3

Hi, thanks, I tried that already and it didn’t work :neutral_face:

Logged a ticket with support (1516440) and “This is a known problem that Engineering is aware of. They are currently working on a solution” so at least we know what’s happening.