SSH connection to server though argo tunnel gives SSL error

Performance Argo Tunnel
#1

I was working on setting up my first Argo Tunnel server. I got the web portion to work perfectly. But I am having problems getting it to work with SSH. I am on Windows and am using Putty.

I setup cloudflared on Windows. I went to the Proxy settings for the connection in Putty set the proxy type to local and the local proxy command to “cloudflared.exe access ssh --hostname %host” but whenever I try to open a connection almost immediately I get an error saying “Remote side unexpectedly closed network connection”.

If I try to proxy command directly “cloudflared.exe access ssh --hostname server1.mydomain.example” it gives the error: “ERR failed to connect to origin error=“remote error: tls: handshake failure” originURL=https://server1.mydomain.example
remote error: tls: handshake failure”

So seeing how its trying to go over https I try typing that directly into my browser to see what I can see about the nature of the error, and I get this error code: “SSL_ERROR_NO_CYPHER_OVERLAP”

#2

The error “SSL ERROR NO CYPHER OVERLAP" in Mozilla prevents access to the site because it detects an issue with creating a valid connection to your site. This may be a temporary issue, and should resolve itself within 24 hours. If not, grey-cloud/deactivate Cloudflare so that the website uses the origin’s SSL certificate, see How do I temporarily deactivate Cloudflare? Activate Cloudflare again in 24 hours and try to access your website to see if the SSL certificate has been successfully deployed.

Other successful troubleshooting suggestions can be found in this Community Tip. Let us know if you continue to see issues after trying these tips, we’re happy to help further.

I suspect it’s #3 in the above tip. Universal SSL certificates only support SSL for the root or first-level subdomains such as example.com and www.example.com. To enable SSL support on second, third, and fourth level subdomains such as dev.www.example.com or app3.dev.www.example.com, you can:

  • Purchase the Advanced Certificate Manager feature
  • Upgrade to a Business or Enterprise plan to upload a Custom SSL certificate.