DNS proxy with AWS ACM wildcard certificates

What is the name of the domain?

What is the error message?

example.com uses an unsupported protocol. ERR_SSL_VERSION_OR_CIPHER_MISMATCH

What is the issue you’re encountering?

I get an ERR_SSL_VERSION_OR_CIPHER_MISMATCH error when the certificate of the origin server is configured with a wildcard on AWS ACM.

What steps have you taken to resolve the issue?

Precondition

  • example.com is just an example, not the one I actually use.
  • Using AWS ACM for the certificate for the origin server (AWS APIGW V2)
  • Using a wildcard cert (such as *.example.com)
  • Registering a DNS record for the custom domain for APIGW on Cloudflare with DNS proxy enabled.

Steps

  • Disabled DNS proxy:
    it worked (I was able to access the server without error).
  • Added a Subject Alternative Name on ACM that is exactly the same as the domain I use to access the server:
    it didn’t work.
  • Created a certificate without using a wildcard, with DNS proxy enabled:
    it worked.

What I want

I’d like to use records with DNS proxy enabled and use wildcard certs on AWS ACM.

What feature, service or problem is this related to?

DNS records

What are the steps to reproduce the issue?

  • Enable DNS proxy
  • Use a wildcard on ACM certificates

SSL encryption mode on Cloudflare is Full (strict).

Sorry, the wildcard itself wasn’t a problem.
The actual issue is:

  • When DNS proxy is enabled, I encounter an SSL error even if the cert has a SAN that is identical to the domain used for access.
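With the proxy enabled the browser only ever sees Cloudflare's edge certificate, so the handshake that is actually failing in Full (strict) mode is the one between Cloudflare and the origin. The script below, an added example that is not part of the original post, probes the origin directly the way the proxy does: it connects to the origin address, sends the custom domain as SNI, requires the chain to verify against the system CA store, and reports the negotiated protocol, the cipher, and whether the presented certificate's DNS SANs cover the hostname (with RFC 6125 single-label wildcard matching). The hostnames `api.example.com` and `origin.example.com` are placeholders, and the SAN-matching helpers are tested offline on constructed inputs.

```python
"""Probe an origin's TLS handshake with a chosen SNI and check its SANs.

Added diagnostic example (not the poster's code). Hostnames are placeholders.
"""
import socket
import ssl
import sys


def hostname_matches_san(hostname: str, san_names: list[str]) -> bool:
    """RFC 6125-style match: a leading '*' covers exactly one leftmost label,
    so '*.example.com' matches 'api.example.com' but not 'a.b.example.com'
    or the bare 'example.com'."""
    host = hostname.lower().rstrip(".")
    for name in san_names:
        name = name.lower().rstrip(".")
        if name.startswith("*."):
            suffix = name[1:]  # ".example.com"
            if host.endswith(suffix):
                leftmost = host[: -len(suffix)]
                if leftmost and "." not in leftmost:
                    return True
        elif name == host:
            return True
    return False


def extract_dns_sans(cert: dict) -> list[str]:
    """Pull the DNS entries out of the dict returned by SSLSocket.getpeercert()."""
    return [value for kind, value in cert.get("subjectAltName", ()) if kind == "DNS"]


def probe_origin(connect_host: str, sni: str, port: int = 443,
                 min_version: ssl.TLSVersion = ssl.TLSVersion.TLSv1_2,
                 max_version: ssl.TLSVersion = ssl.TLSVersion.TLSv1_3,
                 timeout: float = 5.0) -> dict:
    """Handshake with connect_host, presenting `sni`, and report the result.

    Chain verification stays on (CERT_REQUIRED), which mirrors Full (strict);
    hostname checking is done by us so a SAN mismatch is reported instead of
    raised. A handshake failure (version/cipher/SNI problems) is returned as
    an 'error' entry so the caller can try another version window.
    """
    ctx = ssl.create_default_context()
    ctx.minimum_version = min_version
    ctx.maximum_version = max_version
    ctx.check_hostname = False
    ctx.verify_mode = ssl.CERT_REQUIRED
    try:
        with socket.create_connection((connect_host, port), timeout=timeout) as sock:
            with ctx.wrap_socket(sock, server_hostname=sni) as tls:
                cert = tls.getpeercert()
                sans = extract_dns_sans(cert)
                return {
                    "protocol": tls.version(),
                    "cipher": tls.cipher()[0] if tls.cipher() else None,
                    "dns_sans": sans,
                    "sni_covered_by_san": hostname_matches_san(sni, sans),
                }
    except (ssl.SSLError, OSError) as exc:
        return {"error": f"{type(exc).__name__}: {exc}"}


if __name__ == "__main__":
    # Usage: python probe.py <origin-host-or-ip> <sni-hostname>
    # e.g.   python probe.py origin.example.com api.example.com   (placeholders)
    origin = sys.argv[1] if len(sys.argv) > 1 else "origin.example.com"
    sni = sys.argv[2] if len(sys.argv) > 2 else "api.example.com"
    # Try each TLS version on its own so a version-specific failure stands out.
    for version in (ssl.TLSVersion.TLSv1_2, ssl.TLSVersion.TLSv1_3):
        print(f"{version.name}: {probe_origin(origin, sni, min_version=version, max_version=version)}")
```

If the probe succeeds for both versions with `sni_covered_by_san` true, the origin is not the culprit and the problem sits in the proxy's view of the hostname (for example a different SNI or a DNS record pointing at an address that does not serve that custom domain). If it fails only when the SNI is the custom domain, the origin is not associating the certificate with that name, which is the symptom a wildcard-only or missing-SAN mapping would produce.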
