Full (Strict) Breaks things... but... why?
I'm troubleshooting why Cloudflare "Full (Strict)" SSL mode fails for one domain (domainA.com) but works for another (domainB.com).
Both are:
-Using wildcard certs from the same public CA (e.g., Starfield)
-Served via the same HAProxy host with identical config
-Using the same certificate chain (intermediate + root) in the .pem
-Valid per openssl s_client -connect ... -servername ... -showcerts — chain is complete and verification succeeds
The only difference is the cert/key pair, as expected. I’ve also tested .pem files with and without PKCS#12 bag attributes — behavior is unchanged. From the TLS handshake perspective, both sites look identical and valid.
Any ideas why Strict SSL would accept one but reject the other?
Both are:
-Using wildcard certs from the same public CA (e.g., Starfield)
-Served via the same HAProxy host with identical config
-Using the same certificate chain (intermediate + root) in the .pem
-Valid per openssl s_client -connect ... -servername ... -showcerts — chain is complete and verification succeeds
The only difference is the cert/key pair, as expected. I’ve also tested .pem files with and without PKCS#12 bag attributes — behavior is unchanged. From the TLS handshake perspective, both sites look identical and valid.
Any ideas why Strict SSL would accept one but reject the other?
Welcome to the official Cloudflare Developers server. Here you can ask for help and stay updated with the latest news
85,042Members
Resources
Recent Announcements
Similar Threads
Was this page helpful?
