I’m using the authenticated origin pull tls/ssl feature and received an email outlining that I need to update a certificate on my server:
Cloudflare has detected that your configuration is using our Authenticated Origin Pulls feature. Recently, we renewed the certificate that our edge network presents to your origin due to the upcoming expiration of the current certificate on January 11, 2020.
I included this in my nginx settings for the site:
ssl_client_certificate /etc/nginx/certs/cloudflare.crt;
ssl_verify_client on;
nginx.conf file contains:
ssl_protocols TLSv1 TLSv1.1 TLSv1.2; # Dropping SSLv3, ref: POODLE
ssl_prefer_server_ciphers on;
ssl_ecdh_curve auto;
But accessing the site leads to the following nginx error:
525 SSL Handshake
2019/12/21 05:31:22 [crit] 21270#21270: *9 SSL_do_handshake() failed (SSL: error:1414D17A:SSL routines:tls12_check_peer_sigalg:wrong curve) while SSL handshaking, client: 220.127.116.11, server: 0.0.0.0:443
My server details:
OpenSSL 1.1.1 11 Sep 2018
Ubuntu 18.04.3 LTS
There seem to be many related issues reported here on the community forums but I wasn’t able to find any kind of definitive answer. I’d include links but I’m a new user and limited to 2 links per post.
Any help would be appreciated!