CF workers mtls fetch doesn't work

I have 3 rules, to list them by order

  1. allow VPN IP to access my .dev domain
  2. allow mTLS client to access my .dev domain
  3. block all users

I was following but the request is blocked my rule 3, block all users, meaning somehow the mTLS is missing.

I tried to troubleshoot my cert with and the connection in local curl is good.

How can I debug this? Thanks in advance

I would be awesome if someone can provide some guidance here. Thank you