Using Cloudflare CDN with Google Cloud Storage

I’m having a similar issue to what pselden4 posted in the following support item: Using Cloudflare CDN + HTTPS with Google Cloud Storage

I see that his CDN is accessible through https://cdn.stellarguard.me and looks similar to how my HTTP version looks: 34.102.183.1

Right now, when I attempt to access my cdn subdomain of aquaextensions, I receive the following error:

Error 525 Ray ID: 51947b224ff9c887
SSL handshake failed

And when I attempt to visit the HTTPS version of the Load Balancer IP Address (https:// + 34.102.183.1) I receive the following error in Chrome:

This site can’t provide a secure connection
34.102.183.1 uses an unsupported protocol.
ERR_SSL_VERSION_OR_CIPHER_MISMATCH

What was changed to allow him to get this working? Or am I jumping the gun because Google has not finished setting up the certificate yet? And if the latter is this case, why does Google still report the domain status as FAILED_NOT_VISIBLE?

Any assistance would be much appreciated. Thank you!

Since nobody has replied…I wouldn’t take test results of connecting directly to the IP address as indicative of how the hostname would reply. Certs are rarely valid for the IP address.

What does “Learn More” tell you? If I were to guess, it’s because it’s proxied by Cloudflare, and Google doesn’t recognize the Cloudflare proxy as making the origin visible.

As always, I recommend getting it working before putting Cloudflare in front of it, so set it to :grey: and see if you can get it working that way.

@sdayman, I apologize for the delay as I was not notified of your response. Thank you for responding though, as I’m trying to set up a pre-existing WordPress site with over 8k users, 15k orders, and numerous plugins in the most efficient way possible. (And I was instructed that CloudFlare and its DNS services provided the fastest connection time.)

Setting the A record to non-proxied would mean that GCP would see the A record as it’s supposed to be, correct (the IP of the Load Balance Service)? If so, I’ll turn it off now, wait for the DNS to propagate, and once it does, I’ll attempt to reissue the certificate through Google.

After that, is there any additional measures you think I should take? Or should I comment back with the results? Thank you again for your assistance!

@sdayman,

One last thing, when I click the Learn More link, I’m redirected to this page.

Even though the Certificate is still shown as provisioning, the domain status of FAILED_NOT_VISIBLE provides the following information (as per that page).

The status FAILED_NOT_VISIBLE indicates that certificate provisioning failed for a domain because of a problem with DNS or the load balancing configuration. Make sure that DNS is configured so that the certificate’s domain resolves to the IP address of the load balancer.

This topic was automatically closed after 30 days. New replies are no longer allowed.