Traefik not using cloudflare origin cert

I’m having this exact same issue: Traefik will not use Cloudflare origin certificate

Unfortunately, the blog post that the author links to seems to be down. @shsurf, how did you solve it?

Your issue might be similar, but I am sure your Traefik config is not the same.

Share your config. Enable Traefik debug log (doc) and Traefik access log in JSON format (doc).

I was getting ready to share all those logs, but I actually ended up solving it!

In the cloudflare tunnel TLS settings, there is a setting called "Match SNI to Host." Enabling that makes things work. Docs here: https://developers.cloudflare.com/cloudflare-one/networks/connectors/cloudflare-tunnel/configure-tunnels/cloudflared-parameters/origin-parameters/#matchsnitohost

Looks like without it, cloudflared just sends whatever is in Origin Server Name. Using Match SNI to Host means I can host multiple TLS protected sites from the same reverse proxy. I actually unset Origin Server Name entirely, the Match SNI to Host option overwrites it.

So it wasn’t a traefik issue at all. SNI mixed with my limited understanding. But it’s working now, and, more importantly, I learned something!
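For reference, the same fix expressed for a locally-managed tunnel (the post above used the dashboard). This is an added example, not configuration from the original post; the hostnames, tunnel ID, credentials path and Traefik service address are placeholders. The first rule shows the failing shape, where a fixed Origin Server Name is sent as SNI for every hostname, so Traefik matches the wrong router/certificate; the second rule shows the corrected shape, where cloudflared sends the requested hostname as SNI and Traefik can pick the right certificate per site.

```yaml
# cloudflared config.yml (added example; tunnel ID, paths and hostnames are assumptions)
tunnel: 00000000-0000-0000-0000-000000000000
credentials-file: /etc/cloudflared/00000000-0000-0000-0000-000000000000.json

ingress:
  # Failing shape: every request to Traefik carries the same SNI
  # (originServerName), so Traefik cannot distinguish sites by TLS
  # hostname and serves whichever certificate matches that one name.
  - hostname: broken.example.com
    service: https://traefik:443
    originRequest:
      originServerName: broken.example.com
      noTLSVerify: false          # keep certificate verification on

  # Corrected shape: cloudflared uses the incoming request's Host as
  # the SNI, so one Traefik instance can serve several TLS sites, each
  # with its own Cloudflare origin certificate.
  - hostname: app1.example.com
    service: https://traefik:443
    originRequest:
      matchSNItoHost: true        # overrides originServerName
      noTLSVerify: false
  - hostname: app2.example.com
    service: https://traefik:443
    originRequest:
      matchSNItoHost: true
      noTLSVerify: false

  # Required catch-all rule; must be last.
  - service: http_status:404
```

To confirm which certificate Traefik presents for a given SNI before involving the tunnel, run `openssl s_client -connect traefik:443 -servername app1.example.com </dev/null | openssl x509 -noout -subject -issuer` from a host that can reach Traefik and repeat with the other hostname; the subject should change with `-servername`. Keep `noTLSVerify` at `false` so that cloudflared still validates the origin certificate chain rather than silently accepting any certificate.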

