Worker doesn't support SSL, no documentation, no response from support

I’m in the process of publish a website to cloudflare’s edge using Wrangler and Cloudflare’s workers. I’ve been doing testing (mostly) without issue on a .workers.dev domain, and when I was using that domain SSL was enabled and redirected to by default.

Now I’m trying to publish my site to a custom domain on my CF account, using the options described in the docs for wrangler, and SSL/HTTPS does not want to work. I can access the HTTP version of the site just fine, but the HTTPS version of the site returns a ERR_SSL_VERSION_OR_CIPHER_MISMATCH error. I verified the routes are setup to correctly send all requests to the worker irregardless of http vs https.

The issue is that there’s no documentation on the options or default behavior for SSL on Cloudflare workers. That would lead me to assume that CF would use an automatically generated SSL cert for the routes published by my worker, but that doesn’t seem to have happened, and as such I’m getting this error. Frustratingly there is absolutely no mention of SSL in the worker or wrangler docs (https://developers.cloudflare.com/workers/) so it’s hard to know what’s supposed to be happening and what might be wrong.

I’ve been unable to find any other information, other than this thread (My workers can not work) which addresses a similar issue and recommends contacting support, so that’s the only option I seem to have. I opened a ticket with CloudFlare but haven’t heard back for a few days. As someone who’s paying for a workers subscription, it’s a bit frustrating that it doesn’t (pardon the pun) work, and that I cant seem to get any support for the service I’m paying for.

Any recommendations would be very much appreciated!

You didn’t mention the hostname, so we can’t troubleshoot, but I bet it’s Section 3 in this #CommunityTip

1 Like

Thanks for the article, in this case I had a two-deep subdomain (www.subdomain.example.com), which I didn’t realize was illegal. That would explain my issue!

Thanks!

2 Likes

Thanks, I had the same issue and didn’t realize that two-level subdomains aren’t working here. There should be a warning somewhere.

It’s listed with the certificate under SSL/TLS.

I’m not sure what you mean. There is no related info in your screenshot.

Cloudflare has lots of functionality by now. Last time I’ve modified the SSL settings for my site must have been two years ago.

While creating a new DNS entry for the worker or creating the worker itself I’m not anywhere near that site and won’t see that info. It’s just not obvious nor easy to find once you run into that issue, e.g. by looking up the error code.

My screenshot shows you what the Universal certificate covers: *.example.com, and example.com. It doesn’t go deeper than the first subdomain.

Given the new concept of “serverless”, users in this realm won’t have had to deal with how to generate certificates for their site and what those certs cover. What makes it even more confusing is the default Worker hostnames: sub.yours.workers.dev. I don’t use those, but I suspect Cloudflare generates certs for *.yours.workers.dev

Ah I see. That’s quite obscure though. * typically means “anything”.

1 Like