Getting 525 on CNAME DNS record with valid SNI

We have a Cloudflare DNS CNAME record to an AWS API Gateway with a custom domain that uses SNI. We are getting a 525 SSL Handshake Failed.

We went through the steps on the support article. We were able to test to make sure the custom domain on the AWS side had a valid SNI configuration with SSL Server Test (Powered by Qualys SSL Labs). We are able to go directly to the custom domain on AWS with no problem and have Chrome and mobile browsers acquire the cert correctly.

We have similar CNAME redirects to ELB URLs (which have certs that do not require SNI) that work perfectly well. We have Full (Strict) SSL turned on, as well as Universal SSL.
