SSL Error 495 with Cloudflare & Heroku

What is the name of the domain?

app.formester.com

What is the error number?

status code 495

What is the error message?

SSL certificate error There is conflicting information between the SSL connection, its certificate and/or the included HTTP requests

What is the issue you’re encountering

The error occurs randomly when users access the site, though a quick refresh usually resolves it temporarily

Was the site working with SSL prior to adding it to Cloudflare?

Yes

What is the current SSL/TLS setting?

Full

What are the steps to reproduce the issue?

Still unable to find a way to reproduce the issue


Hi,

I have the same problem (sorry our website is not publicly available for you to test).

The problem is on our API calls, made from our Front-end.
We can access the front-end pages, but sometimes, randomly, API calls get a 495 response status, and others fail with CORS errors (I guess it’s a consequence of the 495 status?).

SSL certificates are up to date and not expired, configured in both front and api apps on Heroku (I also merged the Cloudflare root certificate just in case, as recommended by Heroku support to test it).

The certificate is still not trusted, here is the result of the certs check with heroku cli:

Name       Display Name  Common Name(s)                                           Expires               Trusted  Type  Domains
─────────  ────────────  ───────────────────────────────────────────────────────  ────────────────────  ───────  ────  ───────
abc-36791  Cloudflare    cloudflare origin certificate, *.myapp.tech, myapp.tech  2040-03-02 15:28 UTC  False    SNI   1

Don’t know if it helps. If not related, remove this message or tell me and I’ll.

More info, here is the response header of an error we got:

alt-svc:h3=":443"; ma=86400
cache-control:no-cache, no-store
cf-cache-status:DYNAMIC
cf-ray:91c3213fc9c86fa6-CDG
content-type:text/html; charset=utf-8
date:Thu, 06 Mar 2025 16:11:36 GMT
priority:u=1,i
server:cloudflare
server-timing:cfExtPri

I have the same issue as outlined by @Maelig. We have a single page app that accesses an API. A random amount of requests to said API fail with status 495. I can’t find details in the Heroku logs. It’s always different endpoints that fail with the error. Sometimes it can work for a prolonged period without any errors on a single device while another device does receive errors.


trusted: false is because the Cloudflare origin certificate is only trusted by Cloudflare. So, for the SSL to work, all the traffic should go through Cloudflare.

Hello,

We are experiencing exactly the same issue, which seems to be occurring more frequently in recent days. It is impossible to reproduce it systematically, as it happens very randomly.

Our domain is camp-de-base.la-cordee.net. Our Cloudflare configuration correctly points to the DNS Target provided by Heroku for this domain name, and Heroku’s ACM certificate is also enabled. Note that if I disable it and remove the certificate on Heroku, the connection with Cloudflare no longer works, and we get an “SSL handshake failed, error code 525”.

I’m not sure if this helps in understanding the issue, but the certificate interpreted by the browser for our domain is a Google certificate. I noticed that it’s the same for your URL. However, without going through Cloudflare, a site managed by Heroku’s ACM uses a certificate issued by Let’s Encrypt.

Could there be a conflict between these two certificates that occurs randomly?

(Cannot edit, so I post a new reply, sorry)

Got this reply from Heroku support:

I have also reviewed our internal logs, and I’m not seeing any 495 errors. This leads me to believe that those requests that are failing are not making it to the Heroku routing system to be passed to your app dynos. Heroku will log any requests that make it to the router and app.

We are experiencing the same issue on our production server, however, we are not experiencing this issue on our staging server. The two environments are identical, but taking a quick look, the certificate on our production environment is now issued by Google Trust Services whereas the certificate on staging is issued by Let’s Encrypt.
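One way to check on your own app what Heroku support describes above (that the failing requests never reach the router), as an added example that is not code from any poster or from Heroku or Cloudflare: it matches browser-side 495 records against Heroku router log lines and groups the failures by the data-center suffix of `cf-ray`. It assumes the front-end attaches an `X-Request-ID` header of 20 to 200 characters that the Heroku router logs as `request_id`; every sample value is constructed except the first `cf-ray`, which is the one posted in this thread.

```python
import re
from collections import Counter

# Constructed browser-side records (e.g. exported from devtools). Only the first
# cf-ray comes from the thread; the request IDs and other rays are made up.
CLIENT_CALLS = [
    {"status": 495, "cf_ray": "91c3213fc9c86fa6-CDG", "request_id": "fe-00000000-0000-0000-0001"},
    {"status": 200, "cf_ray": "91c3213fd0000001-CDG", "request_id": "fe-00000000-0000-0000-0002"},
    {"status": 495, "cf_ray": "91c3213fd0000002-AMS", "request_id": "fe-00000000-0000-0000-0003"},
]

# Constructed Heroku router log excerpt in the router's key=value line format.
ROUTER_LOG = """\
2025-03-06T16:11:35.900000+00:00 heroku[router]: at=info method=GET path="/api/forms" host=api.myapp.tech request_id=fe-00000000-0000-0000-0002 fwd="203.0.113.7" dyno=web.1 connect=0ms service=18ms status=200 bytes=512 protocol=https
2025-03-06T16:11:37.100000+00:00 heroku[router]: at=info method=GET path="/api/users" host=api.myapp.tech request_id=fe-00000000-0000-0000-0009 fwd="203.0.113.7" dyno=web.1 connect=1ms service=22ms status=200 bytes=300 protocol=https
"""

# key=value pairs; values are either double-quoted or run to the next space.
FIELD = re.compile(r'(\w+)=("[^"]*"|\S+)')


def router_request_ids(log_text):
    """Map request_id -> status for every router line in the log text."""
    seen = {}
    for line in log_text.splitlines():
        if "heroku[router]:" not in line:
            continue  # skip app and dyno lines
        payload = line.split("heroku[router]:", 1)[1]
        fields = {key: value.strip('"') for key, value in FIELD.findall(payload)}
        if "request_id" in fields:
            seen[fields["request_id"]] = fields.get("status")
    return seen


def triage_495(client_calls, log_text):
    """Split client-side 495s by whether the router logged them; count by colo."""
    seen = router_request_ids(log_text)
    report = {"reached_router": [], "never_reached_router": [], "by_colo": Counter()}
    for call in client_calls:
        if call["status"] != 495:
            continue
        # The part of cf-ray after the last dash names the Cloudflare data center.
        report["by_colo"][call["cf_ray"].rsplit("-", 1)[-1]] += 1
        bucket = "reached_router" if call["request_id"] in seen else "never_reached_router"
        report[bucket].append(call["cf_ray"])
    return report
```

If every 495 lands in `never_reached_router`, the failure sits between the browser and the Heroku router rather than in the app, and `by_colo` shows whether it clusters on particular Cloudflare locations.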
