Hello I have an issue setting up

Hello, I have an issue setting up Cloudflare Pages. My setup is as follows: I have two Cloudflare accounts; (account A) holds the Pages deployment, and (account B) has my domain (DNS records). I also have a cross-account setup, such that adding a custom domain in Pages on account A will auto-add the DNS record in account B. Everything goes smoothly when I access my website from the Pages deployment URL, but when I access it from the custom domain URL, I get ERR_SSL_VERSION_OR_CIPHER_MISMATCH. I have been struggling for many days; any help is much appreciated.
9 Replies
hmz (6mo ago)
Sorry for the tag, @Chaika. I see you have been helping many others with the same issue. Please have a look at your convenience. 🙏🏻
- pages URL (working): https://forest-landing.pages.dev
- custom domain (not working): https://forest.chainsafe.io/
Chaika (6mo ago)
ERR_SSL_VERSION_OR_CIPHER_MISMATCH means there's no SSL cert issued.
Check over https://developers.cloudflare.com/pages/configuration/debugging-pages/#missing-caa-records
Specifically the CAA part:
;; ANSWER SECTION:
chainsafe.io. 300 IN CAA 0 issue "comodoca.com"
chainsafe.io. 300 IN CAA 0 issue "digicert.com"
chainsafe.io. 300 IN CAA 0 issue "letsencrypt.org"
chainsafe.io. 300 IN CAA 0 issuewild "amazon.com"
chainsafe.io. 300 IN CAA 0 issuewild "amazonaws.com"
chainsafe.io. 300 IN CAA 0 issuewild "amazontrust.com"
chainsafe.io. 300 IN CAA 0 issuewild "awstrust.com"
chainsafe.io. 300 IN CAA 0 issuewild "comodoca.com"
chainsafe.io. 300 IN CAA 0 issuewild "digicert.com"
chainsafe.io. 300 IN CAA 0 issuewild "letsencrypt.org"
You're missing pki.goog
hmz (6mo ago)
Awesome, thanks for the quick check, I will add the CAA and see. @Chaika, a quick question please: should I add all 8 CAA records for my subdomain forest.chainsafe.io, or is just adding the missing pki.goog for the root domain chainsafe.io enough?
Chaika (6mo ago)
You've already got all of the other ones as far as I can see. Pages itself only uses Let's Encrypt or GTS/pki.goog.
Oh, you mean specifically for that subdomain. CAA works recursively; since there's nothing on forest, it uses the ones on chainsafe.io.
So you can just add pki.goog to root. I would then wait a few mins and readd the custom domain and see.
hmz (6mo ago)
OK, got it. I will add the two missing CAAs below for the root domain, and expect the custom domain forest.chainsafe.io to get an SSL cert.
1. CAA chainsafe.io issue pki.goog
2. CAA chainsafe.io issuewild pki.goog
Chaika (6mo ago)
You don't need the issuewild but it won't hurt. I would also remove and readd the Pages custom domain in the Pages Custom Domain tab; otherwise, if it's been more than 7 days it's already given up, and even if it hasn't been it's still way slower as it exponentially falls off in retry intervals over time: https://developers.cloudflare.com/cloudflare-for-platforms/cloudflare-for-saas/domain-support/hostname-validation/backoff-schedule/
Removing, readding, would reset that.
hmz (6mo ago)
One last question: how do I define this value cansignhttpexchanges=yes, as I see in the dig output of CAAs? Or will it be added automatically?
Chaika (6mo ago)
Don't need it for Pages. Some DNS providers may not support it with their editors.
hmz (6mo ago)
You are awesome 🙏🏻, the Pages custom domain is up: https://forest.chainsafe.io/
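
The CAA behaviour worked out in this thread (the lookup for forest.chainsafe.io climbs to chainsafe.io, and `issue` versus `issuewild` decides which records apply), as an added example that is not part of the original thread or Cloudflare's code. The record set is copied from the dig output above; the function names are hypothetical, and the logic is a simplified reading of RFC 8659 (no CNAME handling, no critical-flag processing).

```python
# Constructed input: the CAA RRset from the dig output quoted in the thread.
# Nothing is published at forest.chainsafe.io itself.
ZONE = {
    "chainsafe.io": [
        ("issue", "comodoca.com"), ("issue", "digicert.com"),
        ("issue", "letsencrypt.org"),
        ("issuewild", "amazon.com"), ("issuewild", "amazonaws.com"),
        ("issuewild", "amazontrust.com"), ("issuewild", "awstrust.com"),
        ("issuewild", "comodoca.com"), ("issuewild", "digicert.com"),
        ("issuewild", "letsencrypt.org"),
    ],
}


def relevant_rrset(name, zone):
    """Climb from `name` toward the root; the first non-empty CAA RRset wins."""
    labels = name.lower().rstrip(".").split(".")
    if labels[0] == "*":          # a wildcard request is looked up at its parent
        labels = labels[1:]
    for i in range(len(labels)):
        owner = ".".join(labels[i:])
        if zone.get(owner):
            return owner, zone[owner]
    return None, []


def may_issue(ca, name, zone):
    """True if the CAA policy for `name` lets `ca` issue a certificate."""
    _, rrset = relevant_rrset(name, zone)
    issue = [v for tag, v in rrset if tag == "issue"]
    issuewild = [v for tag, v in rrset if tag == "issuewild"]
    # issuewild only governs wildcard names, where it takes precedence over issue.
    applicable = issuewild if name.startswith("*.") and issuewild else issue
    if not applicable:
        return True               # no applicable property: CAA does not restrict
    # Drop parameters such as "; cansignhttpexchanges=yes" before comparing.
    return ca in {v.split(";")[0].strip().lower() for v in applicable}


def with_record(zone, owner, tag, value):
    """Return a copy of `zone` with one more CAA record at `owner`."""
    updated = {k: list(v) for k, v in zone.items()}
    updated.setdefault(owner, []).append((tag, value))
    return updated


if __name__ == "__main__":
    fixed = with_record(ZONE, "chainsafe.io", "issue", "pki.goog")
    for ca in ("letsencrypt.org", "pki.goog"):
        print(ca, may_issue(ca, "forest.chainsafe.io", ZONE),
              may_issue(ca, "forest.chainsafe.io", fixed))
```

Running the same check against a wildcard name shows why the extra `issuewild` record is optional for a single hostname but would matter for `*.chainsafe.io`.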