SSL_ERROR_NO_CYPHER_OVERLAP when using nested sub-domains with tunnels.
When creating a route with a tunnel as api.foo.bar.com I get an SSL_ERROR_NO_CYPHER_OVERLAP error when attempting to connect, but foo.bar.com works fine. Any suggestion as to what might need to be configured?
You only get issued a Universal Certificate per domain without paying for Advanced Certificate Manager (ACM). The Universal Cert is just *.bar.com and bar.com, and wildcards in certificates only work for that level. In other words, you're missing a valid certificate to use for any deeper subdomains. You could just use api-foo.bar.com, or buy ACM and manually issue a certificate for that (or enable Total TLS, a feature of ACM, which automagically issues certs for every DNS record).

Can I configure the certs when using zero-trust tunnels?
The certificates I'm talking about are Edge Certificates, managed/controlled by Cloudflare. Tunnels require proxy enabled/Cloudflare's CDN to work. The answer is no, basically. The only way you can get a deeper subdomain to work is to have a valid edge cert covering it, by buying ACM.
Right, makes sense, thanks!
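The one-label wildcard rule from the first reply, as an added example that is not part of the original thread and not Cloudflare's code: a small matcher following the wildcard rules of RFC 6125 section 6.4.3 (a wildcard must be the entire left-most label and stands in for exactly one label), run against a constructed SAN list that models the Universal Certificate described above (*.bar.com and bar.com). It shows why foo.bar.com and api-foo.bar.com are covered while api.foo.bar.com is not, and that an extra *.foo.bar.com entry (the kind of name an ACM-issued certificate would have to carry) closes the gap. The hostnames and SAN entries are assumptions taken from the thread, not real certificate data.

```python
"""Hostname-to-SAN matching with RFC 6125 wildcard semantics.

Added example, not Cloudflare code.  The SAN lists below are constructed to
mirror the thread: a Universal Certificate covering "*.bar.com" and "bar.com",
and a hypothetical ACM-issued certificate that adds "*.foo.bar.com".
"""
from __future__ import annotations

# Constructed: what the thread says the free Universal Certificate contains.
UNIVERSAL_CERT_SANS = ["*.bar.com", "bar.com"]

# Constructed: a hypothetical ACM-issued cert that also covers the deeper level.
ACM_CERT_SANS = ["*.foo.bar.com", "*.bar.com", "bar.com"]


def _labels(name: str) -> list[str]:
    """Split a DNS name into lower-cased labels; a trailing dot is the root zone."""
    return name.lower().rstrip(".").split(".")


def san_matches(san: str, hostname: str) -> bool:
    """Return True if one dNSName SAN entry covers `hostname`.

    Rules applied (RFC 6125 s6.4.3):
      * comparison is case-insensitive, label by label;
      * a wildcard is only valid as the complete left-most label ("*.bar.com"),
        so partial wildcards such as "f*.bar.com" never match;
      * the wildcard replaces exactly ONE label, so "*.bar.com" covers
        "foo.bar.com" but neither "api.foo.bar.com" nor "bar.com" itself.
    """
    san_labels = _labels(san)
    host_labels = _labels(hostname)
    if "" in host_labels or "" in san_labels:
        return False  # empty name or an empty label such as "a..b"
    if "*" not in san:
        return san_labels == host_labels  # plain name: exact match only
    if san_labels[0] != "*" or any("*" in lbl for lbl in san_labels[1:]):
        return False  # wildcard not the whole left-most label, or more than one
    if len(host_labels) != len(san_labels):
        return False  # wildcard covers exactly one label, not zero, not several
    return host_labels[1:] == san_labels[1:]


def covering_san(sans: list[str], hostname: str) -> str | None:
    """Return the first SAN that covers `hostname`, or None if nothing does."""
    for san in sans:
        if san_matches(san, hostname):
            return san
    return None


def coverage_report(sans: list[str], hostnames: list[str]) -> dict[str, str | None]:
    """Map each hostname to the SAN that covers it (None = handshake will fail)."""
    return {h: covering_san(sans, h) for h in hostnames}


if __name__ == "__main__":
    # Hostnames from the thread plus the suggested workaround.
    names = ["bar.com", "foo.bar.com", "api-foo.bar.com", "api.foo.bar.com"]
    for label, sans in (("Universal", UNIVERSAL_CERT_SANS), ("ACM", ACM_CERT_SANS)):
        print(f"{label} cert {sans}:")
        for host, san in coverage_report(sans, names).items():
            print(f"  {host:<18} -> {san or 'NOT COVERED'}")
```

To see which names the edge is actually serving, run `openssl s_client -connect foo.bar.com:443 -servername foo.bar.com </dev/null | openssl x509 -noout -ext subjectAltName` against a hostname that works; for the hostname that fails in the browser, the handshake itself will typically abort because no certificate matches the SNI, which is what the browser reports as SSL_ERROR_NO_CYPHER_OVERLAP.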