SSL not working on Worker

bicks.will · January 25, 2021, 4:51am

I’m in the process of publish a website to cloudflare’s edge using Wrangler and Cloudflare’s workers. I’ve been doing testing (mostly) without issue on a .workers.dev domain, and when I was using that domain SSL was enabled and redirected to by default.

Now I’m trying to publish my site to a custom domain on my CF account, using the options described in the docs for wrangler, and SSL/HTTPS does not want to work. I can access the HTTP version of the site just fine, but the HTTPS version of the site returns a ERR_SSL_VERSION_OR_CIPHER_MISMATCH error. I verified the routes are setup to correctly send all requests to the worker irregardless of http vs https.

The issue is that there’s no documentation on the options or default behavior for SSL on Cloudflare workers. That would lead me to assume that CF would use an automatically generated SSL cert for the routes published by my worker, but that doesn’t seem to have happened, and as such I’m getting this error. Frustratingly there is absolutely no mention of SSL in the worker or wrangler docs (https://developers.cloudflare.com/workers/) so it’s hard to know what’s supposed to be happening and what might be wrong.

I’ve been unable to find any other information, other than this thread (My workers can not work) which addresses a similar issue and recommends contacting support, so that’s the only option I seem to have. I opened a ticket with CloudFlare but haven’t heard back for a few days. As someone who’s paying for a workers subscription, it’s a bit frustrating that it doesn’t (pardon the pun) work, and that I cant seem to get any support for the service I’m paying for.

Any recommendations would be very much appreciated!

sdayman · September 30, 2020, 4:31pm

You didn’t mention the hostname, so we can’t troubleshoot, but I bet it’s Section 3 in this #CommunityTip

bicks.will · September 30, 2020, 4:31pm

Thanks for the article, in this case I had a two-deep subdomain (www.subdomain.example.com), which I didn’t realize was illegal. That would explain my issue!

Thanks!

marc12 · October 18, 2020, 11:48pm

Thanks, I had the same issue and didn’t realize that two-level subdomains aren’t working here. There should be a warning somewhere.

sdayman · October 19, 2020, 12:56am

It’s listed with the certificate under SSL/TLS.

marc12 · October 19, 2020, 9:13am

I’m not sure what you mean. There is no related info in your screenshot.

Cloudflare has lots of functionality by now. Last time I’ve modified the SSL settings for my site must have been two years ago.

While creating a new DNS entry for the worker or creating the worker itself I’m not anywhere near that site and won’t see that info. It’s just not obvious nor easy to find once you run into that issue, e.g. by looking up the error code.

sdayman · October 19, 2020, 2:52pm

My screenshot shows you what the Universal certificate covers: *.example.com, and example.com. It doesn’t go deeper than the first subdomain.

Given the new concept of “serverless”, users in this realm won’t have had to deal with how to generate certificates for their site and what those certs cover. What makes it even more confusing is the default Worker hostnames: sub.yours.workers.dev. I don’t use those, but I suspect Cloudflare generates certs for *.yours.workers.dev

marc12 · October 19, 2020, 8:06pm

Ah I see. That’s quite obscure though. * typically means “anything”.