[▲ Vercel Community](/) · [Categories](/categories) · [Latest](/latest) · [Top](/top) · [Live](/live) [Help](/c/help/9) # Cloudflare Proxy 406 views · 0 likes · 16 posts Shadowgaming100 (@shadowgaming100) · 2024-08-21 i have my vercel website with custom domain proxy with cloudflare, when cloudflare proxy in on i get This site can’t provide a secure connection **bootstrap.icons.cdn.mycodelab.is-cool.dev** uses an unsupported protocol. ERR_SSL_VERSION_OR_CIPHER_MISMATCH without cloudflare proxy i can access it normal, i have my ssl config to full i have check the [Documentation ](https://vercel.com/docs/integrations/external-platforms/cloudflare#using-cloudflare-as-a-reverse-proxy) i did all the steps written there and still does not load the website Pauline P. Narvas (@pawlean) · 2024-08-21 Could you share your URL with us to check DNS? I'll also share some similar threads by other users: - https://community.vercel.com/t/cloudflare-dns-with-vercel-hosting/549/4 - https://community.vercel.com/t/cloudflare-proxy-issue/667/8 Shadowgaming100 (@shadowgaming100) · 2024-08-21 https://bootstrap.icons.cdn.mycodelab.is-cool.dev/ Shadowgaming100 (@shadowgaming100) · 2024-08-21 @pawlean here is the picture of my dns records and SSL/TLS encryption config   Pauline P. Narvas (@pawlean) · 2024-08-21 From your screenshot, there's a warning sign next to your CNAME config. What does it say? I also took a look at the [DNS Checker](https://dnschecker.org/#CNAME/bootstrap.icons.cdn.mycodelab.is-cool.dev) and found that your CNAME is not showing up. Shadowgaming100 (@shadowgaming100) · 2024-08-21 This hostname is not covered by a certificate. To ensure full coverage, purchase Advanced Certificate Manager to use Total TLS for full certificate coverage of proxied hostnames. Shadowgaming100 (@shadowgaming100) · 2024-08-21 @pawlean it should never show cname right because of cloudflare proxy Pauline P. Narvas (@pawlean) · 2024-08-21 I think you've got your answer there! Could you get a certificate? Cross-posting this guide in case it's helpful :smiley: https://vercel.com/guides/can-i-use-a-proxy-on-top-of-my-vercel-deployment Shadowgaming100 (@shadowgaming100) · 2024-08-21 but for other hosting providers it still works when on proxy Shadowgaming100 (@shadowgaming100) · 2024-08-21 can you give me an example for this for vercel.json Pauline P. Narvas (@pawlean) · 2024-08-21 Could you try the steps outlined in the Troubleshooting section in the [relevant docs](https://vercel.com/docs/integrations/external-platforms/cloudflare#troubleshooting)? > Both Cloudflare and Vercel utilize the [ACME protocol](https://datatracker.ietf.org/doc/html/rfc8555)—with SSL providers like [Let’s Encrypt](https://letsencrypt.org/)—to issue certificates. To validate domain ownership, the protocol sends an HTTP (not HTTPS) request to `/.well-known/acme-challenge/<id>` on your server. > > Cloudflare has a variety of services that, depending on their configuration, could block the ACME protocol verification checks, resulting in Vercel failing to issue TLS certificates properly: > > * Page Rules > * Access > * Bot Fight Mode > > To avoid disruption, the following path: > > * `http://<YOUR_DOMAIN>/.well-known/acme-challenge/*` > > Must be excluded from page rules, bot protection, or bypassed inside Access. Shadowgaming100 (@shadowgaming100) · 2024-08-22 it already has a certificate because when i unproxy and check using sslchecker it shows that it already has a certificate i have no rules and i have disabled features that will block it Shadowgaming100 (@shadowgaming100) · 2024-08-24 @pawlean hello? Is there any solution Pauline P. Narvas (@pawlean) · 2024-08-24 Could you try disabling any setting you have on Cloudflare? For example: https://community.vercel.com/t/cloudflare-proxy-issue/667/17 Shadowgaming100 (@shadowgaming100) · 2024-08-25 @pawlean i have done that already and it does not work Shadowgaming100 (@shadowgaming100) · 2024-08-27 @pawlean hello? I am waiting for a response
