Issue: It seems the HTTPS request CF is making to b.com is not including the b.com host/SNI (it seems to be requesting with the host set to a.com, but b.com is only configured to respond via HTTPS on its b.com).
Question: Does b.com require an HTTPS cert for a.com? Why can’t CF just make a https://b.com request without setting the host to a.com?
How should I be configuring this? Is a CNAME the proper way?
Does the CNAME orange proxy just resolve the hostname to an IP and then discard the hostname (not using the hostname in the https request host/SNI)?
Yes, using a CNAME you need your origin to answer to the a.com name, including the certificate. Otherwise you could point it to someone else’s site and hijack their content under your domain name.
Is there not a way to configure CF to act like a simple reverse proxy to b.com?
I can use a Workers script to do this, but it seems like this would be built in somewhere to CF (reverse proxy to origin, using the origin's own domain as host/SNI).
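
An added example, not part of the original thread and not Cloudflare's code: a check of whether an origin's certificate covers the name a proxied CNAME asks for (a.com), as the answer above describes. The sample certificate is constructed, and `probe` assumes the origin's chain validates against the system trust store.

```python
import socket
import ssl


def san_dns_names(cert):
    """DNS entries from the subjectAltName of a getpeercert()-style dict."""
    return [v.lower() for k, v in cert.get("subjectAltName", ()) if k == "DNS"]


def cert_covers(cert, hostname):
    """True if a SAN matches hostname (exact, or one left-most '*' label)."""
    host = hostname.lower().rstrip(".")
    for name in san_dns_names(cert):
        if name == host:
            return True
        if name.startswith("*."):
            # '*' stands for exactly one label: *.b.com matches www.b.com,
            # but not b.com itself and not x.y.b.com.
            head, _, rest = host.partition(".")
            if head and rest == name[2:]:
                return True
    return False


def probe(origin, sni, port=443, timeout=5.0):
    """Connect to `origin`, send `sni` in the ClientHello, return the cert dict."""
    ctx = ssl.create_default_context()
    ctx.check_hostname = False  # chain is still verified; names go to cert_covers
    with socket.create_connection((origin, port), timeout=timeout) as sock:
        with ctx.wrap_socket(sock, server_hostname=sni) as tls:
            return tls.getpeercert()


def report(cert, names):
    """Map each name the proxy might request to whether the cert covers it."""
    return {n: cert_covers(cert, n) for n in names}


# Constructed sample: what an origin that only serves b.com would present.
SAMPLE_CERT = {"subjectAltName": (("DNS", "b.com"), ("DNS", "*.b.com"))}

if __name__ == "__main__":
    print(report(SAMPLE_CERT, ["a.com", "b.com", "www.b.com"]))
    # Live check (needs network):
    # print(report(probe("b.com", "a.com"), ["a.com", "b.com"]))
```

Running the live check against your own origin with `sni` set to a.com shows which certificate the origin selects for that name and whether it would pass hostname validation.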