Trouble connecting an application via Argo tunnel

We are trying to configure Argo Tunnel based access to an application.
We have created a few which work without any issues.
But we are having trouble with one of the servers; the only difference in this one is the port being utilized to run the tunnel.

tunnel: tunnel_UUID
credentials-file: /root/.cloudflared/tunnel_UUID.json

ingress:
  - hostname: configuredsshdns.com
    service: ssh://localhost:22 -- This works
    service: https://localhost:4434 -- Error 502
    service: https://localhost:18080 -- Error 502

  # This is a “catch-all” rule
  - service: http_status:404

Also the logs display this error message!
error=“Unable to reach the origin service. The service may be down or it may not be responding to traffic from cloudflared: x509: certificate has expired or is not yet valid: current time 2021-08-04T10:21:46Z is after 2020-08-24T14:05:48Z” cfRay=67970f885eee2e00-HKG ingressRule=2

2021-08-04T10:22:17Z ERR error=“Unable to reach the origin service. The service may be down or it may not be responding to traffic from cloudflared: x509: certificate has expired or is not yet valid: current time 2021-08-04T10:22:17Z is after 2020-08-24T14:05:48Z” cfRay=6797104cbfd01d31-BLR ingressRule=1

Removed hostname here in the topic as it was not allowing me to post with more than 4 URLs.
Would really appreciate all the help we can get.
Regards

It looks like you’re trying to use the same hostname for multiple services. I’m pretty sure you can’t do that. For example, I have a Raspberry Pi (PiHole). I need two ingress rules:

  1. Hostname pi.example.com with service to https://localhost:443
  2. Hostname ssh.example.com with service to ssh://localhost:22

Apart from what @sdayman mentioned,

You might need to insert no-tls-verify: true.


DNS names are different.

@erictung I’ll try with the suggestion!

Tried this setting as well! No luck.

  1. Is cloudflared tunnel up and running?
  2. Did you reload/restart cloudflared for those entries?
  3. Can you connect to https://localhost:4434 with curl from that server’s command line?

While doing some investigation we found that the application we are using has their own certificates and they have expired. So we will be generating our own certs and then will test out the argo tunnel.
From the previous answers I presume we will still have to use the no-tls-verify: true attribute.
Will update this further once our DevOps team is done with the changes.
Thanks for your help so far.
Regards,

Hi, it has something to do with the certificate now, I am sure.

Here is the part of the config

- hostname: our_dns.com -- also added C_name and created the application
  service: http://localhost:18080 -- this is where the service is running!

Now we get the error
error=“Unable to reach the origin service. The service may be down or it may not be responding to traffic from cloudflared: x509: certificate is valid for *.our_dns.com , our_dns.com , not localhost” cfRay=67a724deaddb1d2d-MRS ingressRule=2 originService=https://localhost:18080

Where exactly is the change required? Could someone guide us through this?

@erictung already addressed this:

But you said:

Yet I don’t see Eric’s line here:

And I’m very confused why what you just posted does not match this part of the error message (shows https):

Sorry about that, I was trying with both http and https; still the issue remains the same.

Yes this is applied in the config.

2021-08-06T13:06:52Z ERR error=“Unable to reach the origin service. The service may be down or it may not be responding to traffic from cloudflared: x509: certificate is valid for *.our_dns.com, our_dns.com, not localhost” cfRay=67a87c213a0832af-HKG ingressRule=2 originService=https://localhost:18080

tunnel: uuid
credentials-file: /root/.cloudflared/uuid.json

ingress:
  - hostname: dns.com
    service: ssh://localhost:22
  - hostname: our.dns.com
    service: https://localhost:18080
    no-tls-verify: true

  # This is a “catch-all” rule
  - service: http_status:404
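
An added example, not part of any post in this thread: in cloudflared's config file format, per-rule origin TLS options live in an `originRequest` block, and the option is spelled `noTLSVerify` there, so a bare `no-tls-verify: true` beside `service:` is not one of them, which is consistent with the x509 error persisting above. The sketch below shows the weak setting next to one that keeps verification on; the `originServerName` value is taken from the names in the error message, and the `caPool` path is an assumed placeholder.

```yaml
tunnel: uuid
credentials-file: /root/.cloudflared/uuid.json

ingress:
  - hostname: dns.com
    service: ssh://localhost:22

  # Option A (weak): skip verification of the origin certificate.
  # Any certificate (expired, self-signed, wrong name) is accepted,
  # so whatever answers on this port is trusted as the origin.
  # - hostname: our.dns.com
  #   service: https://localhost:18080
  #   originRequest:
  #     noTLSVerify: true

  # Option B (preferred): keep verification on and tell cloudflared
  # which name the origin certificate is expected to carry, instead
  # of the "localhost" taken from the service URL.
  - hostname: our.dns.com
    service: https://localhost:18080
    originRequest:
      # Must match a name on the certificate; the error message lists
      # *.our_dns.com and our_dns.com.
      originServerName: our_dns.com
      # Assumed placeholder path. Only needed when the certificate is
      # issued by a private CA or is self-signed.
      caPool: /etc/cloudflared/origin-ca.pem

  # Catch-all rule, must stay last
  - service: http_status:404
```

Option B still requires an unexpired certificate, so it applies once the expired application certificate mentioned earlier in the thread has been replaced. Running `cloudflared tunnel ingress validate` checks the rules before restarting the tunnel.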