Hello I have an issue setting up

Hello I have an issue setting up Cloudflare pages, my setup is as follow: I have two Cloudflare accounts, (account A) holds the pages deployment, and (account B) has my domain (DNS records). I have also cross-account setup, such that adding custom domain in pages on account A, will auto add DNS record in account B. everything goes smoothly, when I access my website from pages deployment URL, but when I access from custom domain URL, I get ERR_SSL_VERSION_OR_CIPHER_MISMATCH I have been struggling for many days, any help is much appreciated
9 Replies
hmz
hmzOP12mo ago
Sorry for the tag, @Chaika I see you have been helping many others with the same issue. please have a look at your convenience. 🙏🏻 - pages URL (working): https://forest-landing.pages.dev - custom domain (not working): https://forest.chainsafe.io/
Chaika
Chaika12mo ago
ERR_SSL_VERSION_OR_CIPHER_MISMATCH means there's no ssl cert issued Check over https://developers.cloudflare.com/pages/configuration/debugging-pages/#missing-caa-records Specifically the CAA part
;; ANSWER SECTION: chainsafe.io. 300 IN CAA 0 issue "comodoca.com" chainsafe.io. 300 IN CAA 0 issue "digicert.com" chainsafe.io. 300 IN CAA 0 issue "letsencrypt.org" chainsafe.io. 300 IN CAA 0 issuewild "amazon.com" chainsafe.io. 300 IN CAA 0 issuewild "amazonaws.com" chainsafe.io. 300 IN CAA 0 issuewild "amazontrust.com" chainsafe.io. 300 IN CAA 0 issuewild "awstrust.com" chainsafe.io. 300 IN CAA 0 issuewild "comodoca.com" chainsafe.io. 300 IN CAA 0 issuewild "digicert.com" chainsafe.io. 300 IN CAA 0 issuewild "letsencrypt.org"
You're missing pki.goog
Debugging Pages · Cloudflare Pages docs
When setting up your Pages project, you may encounter various errors that prevent you from successfully deploying your site. This guide gives an …
hmz
hmzOP12mo ago
Awesome, thanks for the quick check, I will add the CAA and see. @Chaika a quick question please, should I add all 8 CAA records for my subdomain forest.chainsafe.io? or just adding the missing pki.goog for the root domain chainsafe.io is enough?
Chaika
Chaika12mo ago
You've already got all of the other ones as far asI can see. Pages itself only uses Let's Encrypt or GTS/pki.goog oh you mean specifically for that subdomain, CAA works recursively, since there's nothing on forest it uses the ones on chainsafe.io So you can just add pki.goog to root. I would then wait a few mins and readd the custom domain and see
hmz
hmzOP12mo ago
ok got it, I will add below two missing CAAs for root domain, and expect the custom domain forest.chainsafe.io gets SSL cert. 1. CAA chainsafe.io issue pki.goog 2. CAA chainsafe.io issuewild pki.goog
Chaika
Chaika12mo ago
You don't need the issuewild but it won't hurt. I would also remove and readd the pages Custom domain the Pages Custom Domain tab, otherwise, if it's been more then 7 days it's already given up, even if it hasn't been it's still way slower as it exponentially falls off in retry intervals overtime: https://developers.cloudflare.com/cloudflare-for-platforms/cloudflare-for-saas/domain-support/hostname-validation/backoff-schedule/ Removing, readding, would reset that
Backoff schedule | Hostname validation · Cloudflare for Platforms d...
After you create a custom hostname, Cloudflare has to validate that hostname.
hmz
hmzOP12mo ago
one last question, how do I define this value cansignhttpexchanges=yes as I see in the dig output of CAAs? or it is will be add automatically?
Chaika
Chaika12mo ago
don't need it for Pages. Some DNS Providers may not support it with their editors
hmz
hmzOP12mo ago
you are awesome 🙏🏻 , the pages custom domain is up https://forest.chainsafe.io/
Want results from more Discord servers?
Add your server