I can’t seem to get the CA Cert working with Full (strict) on my domain giffgaffstatus.com
I used this command…
echo | openssl s_client -connect XX.XX.XX.XX:443 -servername giffgaffstatus.com -tls1_2 2> /dev/null | sed -n '/Certificate chain/,/---/p'
…to check that the server is providing the Origin CA cert, and it outputted…
Certificate chain 0 s:O = "CloudFlare, Inc.", OU = CloudFlare Origin CA, CN = CloudFlare Origin Certificate i:C = US, O = "CloudFlare, Inc.", OU = CloudFlare Origin SSL Certificate Authority, L = San Francisco, ST = California ---
…which makes me think it definitely is.
Hosts generated on CF include *.giffgaffstatus.com and giffgaffstatus.com, so both should work fine.
Connecting to the server via its local IP on my network also shows the CF Origin CA cert: https://u.davwheat.dev/KBMyzA.png (can’t embed, new user)
I have no clue why it’s not working, and instead showing me the 526 error.