I am trying to set up Argo Tunnel with a multi-level subdomain of the form foo.bar.example.com. Following the documentation (https://developers.cloudflare.com/argo-tunnel/reference/tiered-subdomains/), I have obtained a certificate from Cloudflare that covers *.bar.example.com, and replaced the certificate and private key in the certificate file generated by cloudflared tunnel login.
I am trying to test the tunnel using cloudflared tunnel --hello-world --origincert cert.pem --hostname foo.bar.example.com. I can connect to http://foo.bar.example.com, but the connection over HTTPS does not work. I get the following error (using curl -vv https://foo.bar.example.com):
    * Trying 18.104.22.168:443...
    * TCP_NODELAY set
    * Connected to foo.bar.example.com (22.214.171.124) port 443 (#0)
    * ALPN, offering h2
    * ALPN, offering http/1.1
    * successfully set certificate verify locations:
    * CAfile: /etc/ssl/certs/ca-certificates.crt
      CApath: /etc/ssl/certs
    * TLSv1.3 (OUT), TLS handshake, Client hello (1):
    * TLSv1.3 (IN), TLS alert, handshake failure (552):
    * error:14094410:SSL routines:ssl3_read_bytes:sslv3 alert handshake failure
    * Closing connection 0
    curl: (35) error:14094410:SSL routines:ssl3_read_bytes:sslv3 alert handshake failure
When I use a single-level domain, e.g. foo.example.com, then both HTTP and HTTPS work fine.