SWAG with Cloudflare proxy not working

Hello
This has bothered me for a long time now, and I have revisited the problem many times, but have so far not found the solution.
I have an Unraid server running some docker services that I want to expose on the internet. I use Cloudflare as my registrar for my domain.
On my Unraid server I’m using SWAG to generate Let’s Encrypt certificates for my various subdomains. Cloudflare “Universal SSL” is disabled as I want to use my own created certificates.
When I’m not proxying my subdomain (for example nextcloud) in the Cloudflare DNS records settings page, it works fine.
I can then see that my nextcloud service is presenting me with a Let’s Encrypt certificate. But when I enable CF proxy on my CNAME nextcloud subdomain I get the following error in Chrome:
“This site can’t provide a secure connection
nextcloud.mydomain.com uses an unsupported protocol.
ERR_SSL_VERSION_OR_CIPHER_MISMATCH”.
If I enable “Universal SSL” it also works (when the subdomain is proxied through CF), but I’m then presented with a Cloudflare-issued certificate, not my Let’s Encrypt generated certificate.
My SSL/TLS encryption mode is set to Full (strict).
I also notice that when not using “Universal SSL” I have an exclamation mark on my DNS record saying “This hostname is not covered by a certificate.”

What am I missing here?

And that’s the issue, you must not disable that unless you have an ACM certificate or unproxied DNS entries. You will use your own certificates for the origin connection, but the proxy connection will always have the certificate issued through Cloudflare. If you want that to be your own certificate, you need a Business plan, where you can upload that.

Thanks. That helped me a lot, and I understand more of how Cloudflare works now.
