This has bothered me for a long time now, and I have revisited the problem many times, but have so far not found the solution.
I have an Unraid server running some docker services that I want to expose on the internet. I use Cloudflare as my registrar for my domain.
On my Unraid server I’m using SWAG to generate Let’s Encrypt certificates for my various subdomains. Cloudflare “Universal SSL” is disabled as I want to use my own created certificates.
When I’m not proxying my subdomain (for example nextcloud) in the Cloudflare DNS records settings page, it works fine.
I can then see that my nextcloud service is presenting me with a Let’s Encrypt certificate. But when I enable CF proxy on my CNAME nextcloud subdomain I get the following error in Chrome:
“This site can’t provide a secure connection
nextcloud.mydomain.com uses an unsupported protocol.”
If I enable “Universal SSL” it also works (when the subdomain is proxied through CF), but I’m then presented with a Cloudflare-issued certificate, not my Let’s Encrypt generated certificate.
My SSL/TLS encryption mode is set to Full (strict).
I also notice that when not using “Universal SSL” I have an exclamation mark on my DNS record saying “This hostname is not covered by a certificate.”
What am I missing here?