I’ve started having issues with SSL for domains and subdomains that run through CloudFlare Proxy.
This happens with things like Mattermost server, Nextcloud server, Joplin - their apps report SSL errors. Also my own Python apps report SSL errors when trying to connect to APIs behind CloudFlare Proxy SSL.
Disabling Proxy solves the issue. But I’d like to keep using Proxy mode.
When Proxy mode is enabled all requests work fine when I’m doing them from the same network as the server, behind the same router. I assume because in that case it finds a direct route to the server not through a proxy. But from remote networks anywhere in the world it fails.
On my servers I use Let’s Encrypt certbot to generate certificates. I tried only using --preferred-chain "ISRG Root X1" and without it. But again, I don’t get errors when using my own server without a proxy, so there’s something about CloudFlare’s SSL that breaks API requests from apps.
Opening them in a web browser works fine.
Any ideas? What is the correct way of setting up SSL with CloudFlare proxy?
Nginx - certbot - cloudflare proxy