I run a subdomain called Part One, which is part of a larger medical education website (LITFL).
Part One is all static HTML files served from an S3 bucket, whilst the rest of the website is WordPress hosted elsewhere. Previously, Part One was served over HTTP with DNS via Cloudflare; i.e. unsecured but functional. HSTS has now been enabled, which is giving an ERR_SSL_VERSION_OR_CIPHER_MISMATCH.
My understanding from reading through the “SSL + Cloudflare + S3” threads here and on Reddit is that I need to enable SSL on the S3 bucket and then add a CNAME record in the Cloudflare DNS settings, but I have been trying this for most of the day and have been unable to get this to work.
Currently what I have:
S3 bucket is set up to statically host a site
CloudFront is serving Part One successfully over SSL (https://d2pn35jf18tyic.cloudfront.net/).
Currently the CloudFront is signed with an origin certificate from Cloudflare, but I have tried both an AWS-generated and CloudFront cert.
CloudFront is accessing the S3 bucket via the REST API endpoint with the default root object as index.html (enables SSL between S3 and CloudFront), but I have tried the web endpoint as well.
DNS in Cloudflare has CNAME records pointing to this CloudFront address.
I have also tried accessing the S3 bucket directly from Cloudflare, and with SSL/TLS set to flexible for that subdomain, without success.
Why is this broken and how do I fix it?