I am using a non-standard HTTP port on purpose - port 80 on the origin server is used for other purposes. I also have HSTS enabled on the root of the domain, but not set to affect subdomains.
I’m sure I’m missing something quite simple here. Any ideas?
On your Crypto page, you may have “Always Use HTTPS” enabled.
You can either add a Page Rule to disable the above option for your sub domain…OR turn that feature off, then add a Page Rule to ENable that feature for the root domain.
I see… thanks for your input.
I’m a bit confused on how I should do this, given a couple constraints:
The service I have running on the origin server simply cannot do HTTPS
It also can’t use port 80, as that’s already taken
I have it set to use 2086 right now, and that’s working fine - no SSL either between end-browser and Cloudflare, nor between Cloudflare and origin.
If I attempt to connect to https:// on port 2086, I get an error:
Firefox: SSL received a record that exceeded the maximum permissible length.
Chrome: ERR_SSL_PROTOCOL_ERROR
If I change the service on the origin to listen on 2087 [designated HTTPS traffic?], I get:
Firefox: Cannot communicate securely with peer: no common encryption algorithm(s). Error code: SSL_ERROR_NO_CYPHER_OVERLAP
Chrome: ERR_SSL_VERSION_OR_CIPHER_MISMATCH
Am I out of luck and HAVE to use regular HTTP since I’m on a non-standard port?