TLS handshake error when conencting to a website behind a turnnel


I recently start testing the Cloudflare tunnel feature.

I’ve set up a tunnel with the following configuration:

tunnel: xxx


  • service: hello_world

After running cloudflared, I was able to access the hello world page with HTTP protocol. However, connection via HTTPS failed at the handshake stage:

$ curl -v

  • Trying 2606:xxxxxxxx:443…
  • Connected to (2606:xxxxxxxxxx) port 443 (#0)
  • ALPN, offering h2
  • ALPN, offering http/1.1
  • successfully set certificate verify locations:
  • CAfile: /etc/ssl/certs/ca-certificates.crt
  • CApath: /etc/ssl/certs
  • TLSv1.3 (OUT), TLS handshake, Client hello (1):
  • TLSv1.3 (IN), TLS alert, handshake failure (552):
  • error:14094410:SSL routines:ssl3_read_bytes:sslv3 alert handshake failure
  • Closing connection 0
    curl: (35) error:14094410:SSL routines:ssl3_read_bytes:sslv3 alert handshake failure

Has anyone seen this issue before? How can you fix it so I can access the service via HTTPS?

Thank you!

How does SSL/TLS look for that domain at Check the Edge Certificates section to see if it’s active.

Related to what @sdayman said:


Ah I see.

OK, I just realized I have Universal SSL disabled and just enabled. Should I just wait for the certificate to be issued?

(I assumed that if in the DNS page I have a hostname with proxy enabled, CF will get a certificate automatically for me. Looks like that’s not the case)