tried

Doesnt work either for some reason

had errors from it everywhere about origin license being for *.dom.tld instead of localhost

Yea, the server_name directive looks at the host header/sni, the same way CF is able to host a ton of websites on the same IPs/ports

You can just override that, no tls verify or change the originName (the name it expects on the cert)

Ill try out the server_name you mentioned first

You don't really need https if it's the same machine either with CF Tunnels, as it's Client -> Cloudflare Edge -> Tunnel -> cloudflared -> local configured service If the cloudflared daemon/service is on the same machine/local network as the web server service, there's no point in https

but yea, there's a lot of ways to skin a cat, CF Tunnels, nginx w/ different ports & origin rules, or server_name directives all work

Passbolt requires it I think

Why does visiting

https://www.ai.moda/android-chrome-512x512.png

work, but my `site.webmanifest`fails to load the exact same URL?

it requires a service worker for that image to be loaded iirc 😐

even though you don't need a service worker

it works on localhost without a service worker

I'm thinking it's some CORP issue

very likely.

could uninstall

localhost

😐

wat

oh I think this is just an issue with devtools, not an actual issue

hey, our cloudflare issued ssl expired with nameservers unchanged, how can I resolve this asap?

Just linked a third party service to my domain and it has deployed a certificate that’s trusted by all browsers (unproxied DNS), yet if I enable SSL full strict and proxy it, Cloudflare says it’s an invalid SSL. Help.

Are you sure it's Cloudflare's, or is it your origin web servers? If you get the green lock but a Cloudflare-branded "Invalid SSL Certificate.." page, it's your origins (the web server behind Cloudflare) Could you share the domain? I would also check under SSL -> Edge Certs to see if it's been renewed/ timed out, etc Magic Link: https://dash.cloudflare.com/?to=/:account/:zone/ssl-tls/edge-certificates

That's interesting... a good debugging step would probably be to switch it to Full instead of Full (Strict), Full accepts any certificate at all (expired, self-signed, etc), it's not secure but would give a bit more insight on the issue. What's the name of the third party service?

MyWebForum.com

I’ve just changed it to Full for that subdomain and now it works.

But it was definitely trusted before it was proxied.

I wonder if Cloudflare only accepts ones from certain providers if set to Full Strict.

If it's accepted by your browser, as long as it's serving the same one to Cloudflare, it should also be accepted Full over Full Strict requires: The cert to be unexpired Issued by a publicly trusted CA (looks like you can find the ones they trust here: https://github.com/cloudflare/cfssl_trust) or a Cloudflare Origin Cert And the common name or San must match the requested or target hostname

what the heck

there's a bug with transfering a domain