How are you using Cloudflare, and what are you serving the Lemmy instance on? I'm guessing it is due to the SSL mode chosen, as said before.
I'm using it to set a tunnel, and the Lemmy instance is YunoHost. Since my domain is on Porkbun, it now says "parked on the bun".
You want to use flexible SSL/TLS for starters, doubtful it will work otherwise. Log in to Cloudflare, choose domain, then SSL/TLS and see if encryption is set to flexible. See what that gets you, though it can take 15 mins for effects to show up. As long as the server can be reached Cloudflare will try and match a certificate so Lemmy gets served, as long as the server is set up correctly and the ports etc. are correctly forwarded and open.
I'm not familiar enough with Cloudflare's error messages or deployment with Cloudflare to know what exact behavior that corresponds to, but I'd guess that most likely it can open a TCP connection to port 443 on what it thinks is your server, but it's not getting HTTPS on that port or your server isn't configured to serve up the right certificate for that hostname or the web server software running on it is otherwise broken. Might be some sort of intervening firewall.
I don't know where your actual server is, may not even be accessible to me. But if you have a Linux machine that can talk to it directly -- including, perhaps, the server itself -- you should be able to see what certificate it's handing back via:
$ openssl s_client -showcerts -servername akaris.space IP-address-of-actual-server:443
That'll try to establish a TLS connection, will send the specified server name so that if you're using vhosting on the server, it knows which site to return, and then will tell you what certificate the web server used. Would probably be my first diagnostic step if I thought that there was a problem with the TLS handshake on a machine I was running.
That might provide enough information to you to let you resolve the issue yourself.
Beyond that, trying to provide much more information probably isn't possible without more information about how your server is set up and what actually is working. You can censor IP addresses if you want to keep that private.
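The `openssl s_client` check from the comment above, wrapped as an added example that is not part of the original thread: it fetches the certificate the origin presents for a given SNI name and flags a hostname mismatch, an expired certificate, or a self-signed one. The function names are illustrative assumptions, and the script takes `ip:port` and the hostname as its two arguments.

```bash
#!/usr/bin/env bash
# Added example; function names are illustrative, not from the thread.

# Print (PEM) the leaf certificate served at $1 (ip:port) for SNI name $2.
fetch_origin_cert() {
    # </dev/null closes stdin so s_client exits right after the handshake.
    openssl s_client -connect "$1" -servername "$2" </dev/null 2>/dev/null |
        openssl x509 -outform PEM 2>/dev/null
}

# Succeed if the certificate in file $1 covers hostname $2.
cert_matches_host() {
    openssl x509 -in "$1" -noout -checkhost "$2" 2>/dev/null |
        grep -q "does match certificate"
}

# Succeed if the certificate in file $1 is still valid $2 seconds from now.
cert_not_expiring() {
    openssl x509 -in "$1" -noout -checkend "${2:-0}" >/dev/null 2>&1
}

# Succeed if issuer and subject are identical (self-signed certificate).
cert_is_self_signed() {
    local subj iss
    subj=$(openssl x509 -in "$1" -noout -subject | sed 's/^subject= *//')
    iss=$(openssl x509 -in "$1" -noout -issuer | sed 's/^issuer= *//')
    [ "$subj" = "$iss" ]
}

# Run all checks against a live server: diagnose_origin ip:port hostname
diagnose_origin() {
    local pem rc=0
    pem=$(mktemp)
    fetch_origin_cert "$1" "$2" >"$pem" || true
    if [ ! -s "$pem" ]; then
        echo "no certificate from $1: port closed, filtered, or not speaking TLS"
        rm -f "$pem"; return 2
    fi
    cert_matches_host "$pem" "$2" || { echo "certificate does not cover $2"; rc=1; }
    cert_not_expiring "$pem" 0 || { echo "certificate has expired"; rc=1; }
    if cert_is_self_signed "$pem"; then echo "certificate is self-signed"; rc=1; fi
    [ "$rc" -eq 0 ] && echo "certificate for $2 looks consistent"
    rm -f "$pem"; return "$rc"
}

if [ $# -eq 2 ]; then diagnose_origin "$1" "$2"; fi
```

A self-signed certificate is only a problem when the proxy in front of the origin verifies the chain, so treat that line as a hint about which SSL mode can work rather than as a hard failure.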
https://developers.cloudflare.com/ssl/origin-configuration/ssl-modes/ you could use a less strict mode here
I have, thanks, now it shows "parked on the bun"