Cloudflare Workers and HTTP/3

I created a cloudflare worker using the base free account and tried accessing the workers.dev url using http3-test but it tells me that it cannot connect using http/3.

There don’t appear to be any network configuration settings for the worker and some comments in various forums suggest that Cloudflare takes its cue from the protocol used by the client. Perhaps this is mistaken.

Going to the workers.dev url shows that it is using a self-signed certificate, so perhaps that contributes.

I tried building the quiche examples to double-check quic support, but my clang environment didn’t agree with the build system and resolving the issues would take more time. I’ll put in an issue if i pursue it further.

Q1: is there a way to enable http/3 for Cloudflare workers?

Q2: is there a way to use a Let 's Encrypt certificate for Cloudflare workers? I see quite a few references to using one with other Cloudflare services, but I’m not sure how to do so with Workers.

thanks!

1 Like

not sure if workers supports HTTP/3 CF Workers HTTP/2 Only or HTTP/3 too? ?

thanks - that is the post which led me to think that Cloudflare might take its cue from the client request.

To enable HTTP/3 you need to add a route on your own domain, and use that instead of the workers.dev domain.

HTTP/3 is not yet an Internet Standard, so deploying it automatically for customers of the workers.dev would be a bad idea.

If you need users to see a LE cert when accessing your worker you have to use a route on your own domain, and be on a plan that allows custom certificates (either your own cert or an Advanced Certificate Manager issued cert with LE set as the CA). Unless you have very particular requirements just using the normal Universal Certificate issued by Cloudflare is fine. I cannot think of any real reason to use LE over any other certificate.

The entire .dev TLD is on the HSTS preload list, so all hostnames must have a valid cert, self signed certs cannot be bypassed by normal users.

1 Like

thanks for your help, Michael - that answers my questions.