Error 502 When Accessing Origin via Public Hostname Tunnel

I have a web portal I’m attempting to move behind Access using a public hostname tunnel. The tunnel is setup and the corresponding CNAME record has been created in our domain’s DNS. When I attempt to access the portal I get “Error 502 Bad Gateway”. We are using a non CF SSL wildcard cert on the origin. Our SSL/TLS encryption mode is set to Full on our domain. What am I missing?

I resolved this issue by enabling “No TLS Verify” on the public hostname page of the tunnel under “Additional applications settings” | “TLS”.