R2 + Workers: SSL Connection Failures on Specific ISPs

Users on specific ISPs in UK and US are experiencing SSL connection errors when accessing assets from our R2 storage through Cloudflare Workers. Setup Details - Domain: domain.com - Using Cloudflare R2 for storage - Cloudflare Worker handling asset requests - SSL/TLS mode: Full - Universal SSL certificate for .tryflowdrive.com - Assets are served through Worker route: files.domain.com/ Error Messages on thier end 1. Safari: "Can't establish a secure connection to the server" 2. Chrome: "Failed to load resource: An SSL error has occurred and a secure connection to the server cannot be made" For many it works fine, but some see those errors. Troubleshooting Done - Works fine through VPN - Works fine on mobile data - Works fine on some WiFi networks (e.g., public WiFi) - Fails consistently on specific ISPs - Added all recommended security headers - Configured proper CORS and connection headers Headers Currently Set
headers.set('Access-Control-Allow-Origin', '*');
headers.set('Access-Control-Allow-Methods', 'GET, HEAD, OPTIONS');
headers.set('Access-Control-Max-Age', '86400');
headers.set('X-Content-Type-Options', 'nosniff');
headers.set('Strict-Transport-Security', 'max-age=31536000; includeSubDomains');
headers.set('Cross-Origin-Resource-Policy', 'cross-origin');
headers.set('Accept-Ranges', 'bytes');
headers.set('Connection', 'keep-alive');
headers.set('Keep-Alive', 'timeout=60');
headers.set('Transfer-Encoding', 'chunked');
headers.set('Access-Control-Allow-Origin', '*');
headers.set('Access-Control-Allow-Methods', 'GET, HEAD, OPTIONS');
headers.set('Access-Control-Max-Age', '86400');
headers.set('X-Content-Type-Options', 'nosniff');
headers.set('Strict-Transport-Security', 'max-age=31536000; includeSubDomains');
headers.set('Cross-Origin-Resource-Policy', 'cross-origin');
headers.set('Accept-Ranges', 'bytes');
headers.set('Connection', 'keep-alive');
headers.set('Keep-Alive', 'timeout=60');
headers.set('Transfer-Encoding', 'chunked');
Questions 1. Are there known issues with specific ISPs and R2/Worker combinations? 2. Any recommended configuration changes for better ISP compatibility? 3. Any additional debugging steps we should take? 4. Are there any Cloudflare features we should enable/disable to help with ISP compatibility?
2 Replies
Erisa
Erisa3d ago
which isps?
Manuel Ogomigo
Manuel OgomigoOP3d ago
EE/BT UK but I don't know the ones from the US yet that users are having issues iwth I'm now getting the conneciton used to fetch this request is not secure on Firefox on my end NXDOMAIN error

Did you find this page helpful?