Unable to Access Nginx Server via FQDN with SSL on AWS EC2, Despite Cloudflare SSL/TLS Disabled

Hello Cloudflare Community,

I am facing challenges in accessing my Nginx server hosted on an AWS EC2 instance via the Fully Qualified Domain Name (FQDN) with SSL. My setup involves an Ubuntu VM, Nginx server, and domain management through Cloudflare. Despite certain configurations, the FQDN access with SSL is not successful.

Key Details:

Environment: Ubuntu VM on AWS EC2.
Nginx Configuration: Running on public IP, accessible via HTTP (port 80) and HTTPS (port 443).
Domain: biharsamajabudhabi.com, managed through Cloudflare.
SSL/TLS: Let’s Encrypt SSL certificate installed; HTTPS works with direct IP but not with FQDN.

Cloudflare Settings:
Proxy status disabled.
SSL/TLS encryption mode set to ‘Off (not secure)’.
Issue: Inability to access Nginx using https://biharsamajabudhabi.com. The server is reachable via its public IP with HTTPS, but FQDN access fails.

I’ve experimented with both A record (pointing to the EC2 IP) and CNAME record (pointing to EC2 instance’s public DNS ec2-13-201-36-128.ap-south-1.compute.amazonaws.com), but neither resolves the issue.

I am looking for insights or suggestions to identify and fix the underlying problem. Could there be additional settings needed in Cloudflare, or might this be an issue with my AWS or server configuration?

Any advice or guidance would be greatly appreciated. Thank you!

This means that Cloudflare is only acting as your DNS provider.

As such, Cloudflare isn’t able to interfere with any traffic, and therefore should any concerns with accessibility, including troubleshooting of same, be directed towards the hosting provider directly.

Currently, the DNS records for the mentioned domain name, both the naked domain, but also the www variant points towards some Plesk hosting operated by WHG Hosting Services Ltd, perhaps using other trade names, such as e.g. MochaHost.

As this does not sound intentional according to your explanation, I would suggest you to re-check your DNS record(s).

You should switch that one to Full (Strict), and never consider changing it away from that again.