TLS error while using tunnel for ssh and other services

I’m trying to create a tunnel for using SSH. Followed this doc:

The cloudflared service at server seems to be running fine.
However, when I try to connect over SSH from a second machine, I get this error:

$ ssh
2022-01-27T06:00:51Z ERR failed to connect to origin error="remote error: tls: handshake failure" originURL=
remote error: tls: handshake failure
kex_exchange_identification: Connection closed by remote host

The domain used was like

Did you miss this step?

I already configured that on my client machine:


  ProxyCommand /usr/local/bin/cloudflared access ssh --hostname %h

Did you see anything in your Cloudflare firewall events?

It all shows blank to me:

No, not this one.

A couple tips:


The firewall shows no activity

SSL Mode: I’ve tried by changing it to Full and Flexible modes.
WebSockets: Already enabled
Super Bot Fight Mode: Not using that.

Figured it out.
I was using 2 levels of subdomain to test, like:
and Cloudflare is failing on SSL for that. It’s working only for 1 level of subdomain like this:


Hi, I met the same problem for the same reason, and resolved it as above.
I think it should be documented (or fixed if it could be). @nuno.diegues

I would suggest adding this to the documentation clearly, as @kyontan said (or providing support for more levels of subdomains).
This might be an issue for a lot more people around.

Was there anything in the cloudflared tunnel logs/output that made you understand that?

How did you figure it out?

Thank you for posting this! I was pulling my hair out! No way I would have figured this out in my current lifetime.

Could not find any logs. Had to go blind. Hit and try.

OMG. Thank you so much for this post. I was losing all my hair trying to figure out what was going on. Absolutely upvote the suggestion to add this to the documents or multilevel support.
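
An added example, not part of any post in this thread and not Cloudflare's code: a pre-flight check that tells you whether a tunnel hostname is covered by a certificate before you debug the client. It assumes the zone's edge certificate lists only the apex and a one-label wildcard, and it uses the constructed domain `example.com` with hypothetical function names.

```python
"""Check tunnel hostnames against a certificate's SAN list (added example)."""


def san_matches(hostname: str, pattern: str) -> bool:
    """Return True if one SAN entry covers hostname.

    A wildcard is honoured only as the whole left-most label and stands
    for exactly one label, so *.example.com does not cover
    ssh.lab.example.com.
    """
    host = hostname.rstrip(".").lower().split(".")
    pat = pattern.rstrip(".").lower().split(".")
    if len(host) != len(pat):
        # Different label counts can never match: "*" is one label only.
        return False
    if pat[0] == "*":
        # Reject wildcards directly under a TLD and empty first labels.
        return len(pat) > 2 and host[0] != "" and host[1:] == pat[1:]
    return host == pat


def covered(hostname: str, sans: list[str]) -> bool:
    """True if any SAN entry covers the hostname."""
    return any(san_matches(hostname, s) for s in sans)


def check_tunnel_hostnames(hostnames: list[str], sans: list[str]) -> dict[str, bool]:
    """Map each planned tunnel hostname to whether the certificate covers it."""
    return {h: covered(h, sans) for h in hostnames}


# Constructed sample data: assumed SAN list and planned tunnel hostnames.
EDGE_CERT_SANS = ["example.com", "*.example.com"]
HOSTNAMES = ["example.com", "ssh.example.com", "ssh.lab.example.com"]

if __name__ == "__main__":
    for host, ok in check_tunnel_hostnames(HOSTNAMES, EDGE_CERT_SANS).items():
        status = "covered" if ok else "NOT covered: expect a TLS handshake failure"
        print(f"{host:24} {status}")
```

A hostname reported as not covered needs either a certificate that names it (or its parent as a wildcard) or a rename to a single subdomain level.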