Hello,
I followed the other threads on using a Cloudflare domain with Fly.io and it works when the proxy status is set to DNS Only. I have two Fly.io certificates generated (*.assassinsgame.cc and assassinsgame.cc), and 5 DNS entries:
- A: * → 137.66.21.18
- A: assassinsgame.cc → 137.66.21.18
- AAAA: * → 2a09:8280:1::6:713e
- AAAA: assassinsgame.cc → 2a09:8280:1::6:713e
- CNAME: _acme-challenge → XXXX.flydns.net
I have disabled Universal SSL, and I get the same error regardless of which SSL mode I set Cloudflare to, but it is currently set to “Full”.
curl gives the error curl: (35) error:1404B410:SSL routines:ST_CONNECT:sslv3 alert handshake failure
openssl s_client -connect assassinsgame.cc:443 gives the error
CONNECTED(00000005)
4338632236:error:14004410:SSL routines:CONNECT_CR_SRVR_HELLO:sslv3 alert handshake failure:/AppleInternal/Library/BuildRoots/a0876c02-1788-11ed-b9c4-96898e02b808/Library/Caches/com.apple.xbs/Sources/libressl/libressl-2.8/ssl/ssl_pkt.c:1200:SSL alert number 40
4338632236:error:140040E5:SSL routines:CONNECT_CR_SRVR_HELLO:ssl handshake failure:/AppleInternal/Library/BuildRoots/a0876c02-1788-11ed-b9c4-96898e02b808/Library/Caches/com.apple.xbs/Sources/libressl/libressl-2.8/ssl/ssl_pkt.c:585:
---
no peer certificate available
---
No client certificate CA names sent
---
SSL handshake has read 7 bytes and written 0 bytes
---
New, (NONE), Cipher is (NONE)
Secure Renegotiation IS NOT supported
Compression: NONE
Expansion: NONE
No ALPN negotiated
SSL-Session:
Protocol : TLSv1.2
Cipher : 0000
Session-ID:
Session-ID-ctx:
Master-Key:
Start Time: 1663750242
Timeout : 7200 (sec)
Verify return code: 0 (ok)
---