SSL 525 problem when calling an API from Cloudflare Worker

I am unable to call an external API (Revue.co, the Twitter newsletter service) from a Cloudflare Worker

I get an SSL problem and a 525 status code from the fetch request.

I already posted this here, but for some reason the conversation got locked-up.

There are a few related posts with similar errors and suggested workarounds, none of them worked for me.

I tried all the global/page SSL settings combinations possible that I can think off (global/page off, flexible, full, strict), without success

I just send a request to some external https API:

async function subscribeToRevue({
  email,
  revueSecretKey,
}: {
  email: string;
  revueSecretKey: string;
}) {
  const REVUE_SUBSCRIBE_API = "https://www.getrevue.co/api/v2/subscribers";

  const revueFormData = new FormData();
  revueFormData.append("email", email);
  revueFormData.append("double_opt_in", "true");

  const result = await fetch(REVUE_SUBSCRIBE_API, {
    method: "POST",
    headers: {
      Authorization: `Token ${revueSecretKey}`,
    },
    body: revueFormData,
  });

  return result;
}

My domains:
https://cf.thisweekinreact.com/
https://this-week-in-react.pages.dev/

Code: this-week-in-react/index.tsx at main · slorber/this-week-in-react · GitHub

There’s nothing fancy being done, and it’s quite similar to your existing Egghead + Unsplash tutorial here: Make API Requests in a Workers Function Using the Fetch API | egghead.io

This works fine in Wranger/dev.

I also got this working on Vercel in 3 minutes, while I’m struggling for hours to make it work on Cloudflare.

I really wanted to give a try CF workers but if I’m unable to make it work I don’t know what else to do.

Can someone from support show me that the above code can technically work on Cloudflare? Using what config/workaround?

Thanks


Related to:

# Error 525

Ray ID: 6d9eb373ca1b40b1 • 2022-02-07 18:32:27 UTC

## SSL handshake failed

You

### Browser

Working

Paris

### Cloudflare

Working

cf.thisweekinreact.com

### Host

Error

## What happened?

Cloudflare is unable to establish an SSL connection to the origin server.

## What can I do?

### If you're a visitor of this website:

Please try again in a few minutes.

### If you're the owner of this website:

It appears that the SSL configuration used is not compatible with Cloudflare. This could happen for a several reasons, including no shared cipher suites. [Additional troubleshooting information here.](https://support.cloudflare.com/hc/en-us/articles/200278659)

Cloudflare Ray ID: **6d9eb373ca1b40b1** • Your IP: 2a01:cb00:ca6:de00:59c3:19b8:ed3:9294 • Performance & security by [Cloudflare](https://www.cloudflare.com/5xx-error-landing)
1 Like

Origin hosting provider is?

@thomas4 I don’t really know, I’m not a sysadmin to be sure. I think I used a network tracing tool the other day and they may be on Cloudflare (host or cdn/proxy I can’t tell).

Why does it matter anyway? I don’t want my site to be down if this third-party API decides to migrate from/to Cloudflare in the future :man_shrugging: this should work no matter the host they chose and IMHO this is a bug in Cloudflare if all other hosts are able to call that API but not Cloudflare.

I can’t easily ask them technical details (support is not so technical) and neither ask them to use another host or change their settings just for me.

Personally I’d appreciate if Cloudflare offered at least settings to decide on SSL exceptions on a per-site/domain/url granularity (and I mean, the fetch() target site, not my own site/domain/url)

I’m as annoyed as you with this particular bug and it’s been “fixed” once before, please create a ticket with Cloudflare, they’re the only ones that can fix this.

You can reference ticket: #2358006

Thanks

So do I still need to do anything here?

I tried to contact the support but apparently the “support center” is automated and I don’t even understand how to fill a ticket and get a response from a real human being

You have to create the ticket in your Admin panel, might have to run through some hoops before you can actually create a ticket.

Is this where I’m supposed to try?
https://dash.cloudflare.com/redirect?account=support

I can only get a list of suggested links at the end

Might need a paid account to unlock that nowadays…

I get here directly

For some unknown reasons, it looks like CF is able to submit requests to Revue API now

This deployment now works despite not changing anything on my side: https://this-week-in-react.pages.dev/

The question is: why? Can I expect this to keep working over time?

It loads just fine for me!

Is Cloudflare paused right now? If so, unpause it and I’ll reload it to see if I get an error with CF enabled!

The problem was not when displaying the page, but rather when submitting the subscription form (calling Revue API with a POST request)

The CF proxy was already turned on:

And we can subscribe successfully with these 2 URLs (same deployment)

I did not change anything since I posted this issue 22 days ago, so something seems to have changed on the Cloudflare side.

I’d like to know what changed exactly and if we can expect this to keep working in the future

We are facing the same problem, when working with the deepl API at https://api-free.deepl.com/v2/translate.

It’s a bit unfortunate that there is no real solution to this, other than hoping for a fix :confused:?

1 Like