How to resolve HTTPS in a JS worker

I’m trying to use Cloudflare workers to health-check individual servers behind a Round-Robin DNS record.

I’m trying to understand why does curl resolving vs Host header works for HTTPS websites.

My problem is the following:

For HTTP, these two are exactly the same:

curl -I http://direct.openfreemap.org/styles/liberty

and

curl -H "Host: direct.openfreemap.org" -I http://144.76.168.195/styles/liberty

however, for HTTPS, there is no way to make it work.

curl -H "Host: direct.openfreemap.org" -I https://144.76.168.195/styles/liberty

curl: (60) SSL certificate problem: self signed certificate
More details here: https://curl.se/docs/sslcerts.html

curl failed to verify the legitimacy of the server and therefore could not
establish a secure connection to it. To learn more about this situation and
how to fix it, please visit the web page mentioned above.

The only way to make it work with HTTPS is to use the special, low-level “resolve” option with curl:

curl --resolve direct.openfreemap.org:443:144.76.168.195 -I https://direct.openfreemap.org/styles/liberty

My problem is that while it works with curl, I cannot do the same in a JS environment in a Cloudflare worker. I’m trying to use Cloudflare workers to health-check individual servers behind a Round-Robin DNS record, and this would be the only way.

Can you tell me how does HTTPS work, or how can I possibly fix this? The “Host” header is definitely not enough.

Create individual DNS records for each origin for the health checks.

You can use resolveOverride but only if the request is to the same zone.

Thanks! Is this how am I supposed to use it?

    const url = 'http://direct.openfreemap.org/styles/liberty'

    const response = await fetch(url, {cf:{resolveOverride:'abc.openfreemap.org'}})

My problem is that it doesn’t do anything, it’s just silently ignoring the resolveOverride flag. I can even put ‘127.0.0.1’ in there and it’ll still work.