Cloudflare and NGINX [error] 1226#1226: *14 SSL_do_handshake() failed (SSL: error:14094410:SSL routines:ssl3_read_bytes:sslv3 alert handshake failure:SSL alert number 40)

Hey there,

Thanks for your question.

While your server is advertising TLS1.3 support, it does not support any of the TLS1.3 ciphers that Cloudflare supports.

To confirm this I took a look at the 502 errors for your domain, and the requested cipher by the clients that triggered the 502 errors is AEAD-AES128-GCM-SHA256, which is not configured on your nginx conf.

Does this issue happen if you disable TLS1.3 support, or add the TLS1.3 supported ciphers from this list?

Cipher Suites | Cloudflare Developer Docs

I look forward to hearing back on the results!

-Gabe

2 Likes
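The mismatch described in the reply above can be checked against an nginx config before deploying it. The following is an added example, not part of the original thread: it assumes nginx is built against OpenSSL, that TLS 1.3 suites are set with `ssl_conf_command Ciphersuites` (`ssl_ciphers` only governs TLS 1.2 and below), and that `ssl_protocols` is set explicitly. The function names and both sample configs are constructed for illustration.

```python
import re

# Cloudflare's name for the suite quoted in the reply -> the OpenSSL/IANA
# name nginx uses. Only the suite named on this page is mapped.
CF_TO_OPENSSL = {"AEAD-AES128-GCM-SHA256": "TLS_AES_128_GCM_SHA256"}

def directives(conf):
    """Yield (name, args) for each simple `name arg ...;` directive."""
    conf = re.sub(r"#[^\n]*", "", conf)          # strip comments
    for stmt in re.split(r"[;{}]", conf):
        parts = stmt.split()
        if parts:
            yield parts[0], parts[1:]

def check_origin(conf, cf_cipher):
    """Return 'ok', 'mismatch', 'default' or 'no-tls13' for one suite."""
    wanted = CF_TO_OPENSSL[cf_cipher]
    protocols, suites = set(), None
    for name, args in directives(conf):
        if name == "ssl_protocols":
            protocols = set(args)
        elif name == "ssl_conf_command" and args and args[0].lower() == "ciphersuites":
            suites = args[1].split(":") if len(args) > 1 else []
    if "TLSv1.3" not in protocols:               # assumption: set explicitly
        return "no-tls13"                        # edge negotiates TLS 1.2 instead
    if suites is None:
        return "default"                         # OpenSSL's built-in TLS 1.3 list applies
    return "ok" if wanted in suites else "mismatch"

# Constructed config: TLS 1.3 is advertised, but the only TLS 1.3 suite
# allowed is not the one the edge requested.
BROKEN = """
server {
    listen 443 ssl;
    ssl_protocols TLSv1.2 TLSv1.3;
    ssl_ciphers ECDHE-RSA-AES256-GCM-SHA384;   # TLS 1.2 and below only
    ssl_conf_command Ciphersuites TLS_AES_256_GCM_SHA384;
}
"""
# The two remedies suggested in the reply: add the suite, or disable TLS 1.3.
FIXED = BROKEN.replace("TLS_AES_256_GCM_SHA384;",
                       "TLS_AES_128_GCM_SHA256:TLS_AES_256_GCM_SHA384;")
TLS12_ONLY = BROKEN.replace(" TLSv1.3", "")

if __name__ == "__main__":
    for label, conf in (("broken", BROKEN), ("fixed", FIXED), ("tls1.2 only", TLS12_ONLY)):
        print(label, "->", check_origin(conf, "AEAD-AES128-GCM-SHA256"))
```

A `mismatch` result corresponds to the handshake failure (alert 40) in the thread title; `default` means no explicit suite list was found, so OpenSSL's own TLS 1.3 defaults are in effect.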