I’ve started having issues with SSL for domains and subdomains that run through CloudFlare Proxy.
This happens with things like Mattermost server, Nextcloud server, Joplin - their apps report SSL errors. Also my own Python apps report SSL errors when trying to connect to APIs behind CloudFlare Proxy SSL.
Disabling Proxy solves the issue. But I’d like to keep using Proxy mode.
When Proxy mode is enabled all requests work fine when I’m doing them from the same network as the server, behind the same router. I assume because in that case it finds a direct route to the server not through a proxy. But from remote networks anywhere in the world it fails.
On my servers I use Let’s Encrypt certbot to generate certificates. I tried only using --preferred-chain "ISRG Root X1" and without it. But again, I don’t get errors when using my own server without a proxy, so there’s something about CloudFlare’s SSL that breaks API requests from apps.
Opening them in a web browser works fine.
Any ideas? What is the correct way of setting up SSL with CloudFlare proxy?
It replaces the Let’s Encrypt certificate on the Cloudflare proxy edge server with a certificate from Digicert. Some software has been erroring out because an outdated root cert for Let’s Encrypt expired.
Well, these are the ones assigned to my domains. So I guess that won’t help.
I’m kind of afraid to bring this up, so as not to confuse the thread, because I feel like it’s a completely unrelated issue. However, it has similar behavior.
I’m running Mattermost server the same way, and I send messages to it using Webhooks through Python. Whenever it goes through Cloudflare proxy I get 403 Forbidden reply from it. Any idea what it might be? I’m not sure where the forbidden comes from, cloudflare or my nginx server.
If I send the same request using curl through the Cloudflare proxy, though, it works.