- Organized 252 files across project
- Root directory: 187 → 2 files (98.9% reduction)
- Moved configuration guides to docs/04-configuration/
- Moved troubleshooting guides to docs/09-troubleshooting/
- Moved quick start guides to docs/01-getting-started/
- Moved reports to reports/ directory
- Archived temporary files
- Generated comprehensive reports and documentation
- Created maintenance scripts and guides

All files organized according to established standards.
RPC Endpoint SSL Issue - Summary
Date: 2026-01-04
Endpoint: rpc.public-0138.defi-oracle.io
Issue: SSL handshake failure (error 35)
Current Status
Test Results
# HTTP (port 80) - Redirects to HTTPS
curl rpc.public-0138.defi-oracle.io
# Result: 301 Moved Permanently → https://rpc.public-0138.defi-oracle.io/
# HTTPS (port 443) - SSL Handshake Failure
curl https://rpc.public-0138.defi-oracle.io
# Result: SSL handshake failure (error 35)
Root Cause
Multi-level Subdomain SSL Certificate Issue
The hostname rpc.public-0138.defi-oracle.io is a 3-level subdomain:
- Level 1: rpc
- Level 2: public-0138
- Level 3: defi-oracle.io
Cloudflare's Universal SSL certificate only covers:
- Apex domain: defi-oracle.io ✅
- One-level subdomains: *.defi-oracle.io ✅
- NOT multi-level subdomains: rpc.public-0138.defi-oracle.io ❌
Configuration Status
✅ Correctly Configured
- DNS Record: ✅ Proxied (orange cloud)
  - Type: CNAME
  - Target: 26138c21-db00-4a02-95db-ec75c07bda5b.cfargotunnel.com
  - Proxy: Enabled
- Tunnel Configuration: ✅ Correct
  - Tunnel ID: 26138c21-db00-4a02-95db-ec75c07bda5b
  - Route: rpc.public-0138.defi-oracle.io → http://127.0.0.1:80
  - noTLSVerify: true (correct for HTTP origin)
- Nginx Configuration: ✅ Correct
  - Routes HTTP → 127.0.0.1:8545
  - Routes WebSocket → 127.0.0.1:8546
❌ Missing Configuration
SSL/TLS Certificate: Multi-level subdomain not covered by Universal SSL
Solutions
Option 1: Enable Total TLS (Recommended)
Total TLS automatically issues individual certificates for proxied hostnames not covered by Universal SSL.
Via Cloudflare Dashboard:
- Go to SSL/TLS → Edge Certificates
- Scroll to Total TLS section
- Click Enable Total TLS
- Wait 5-15 minutes for certificate issuance
Via API (if available):
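# Note: API endpoint may vary, check Cloudflare API docs
# Total TLS has its own endpoint; /ssl/universal/settings only toggles Universal SSL.
# Requires Advanced Certificate Manager on the zone; ZONE_ID and TOKEN are set by the caller.
curl -X POST "https://api.cloudflare.com/client/v4/zones/$ZONE_ID/acm/total_tls" \
-H "Authorization: Bearer $TOKEN" \
-H "Content-Type: application/json" \
-d '{"enabled": true}'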
Option 2: Use Different Subdomain Structure
Change DNS record to use a single-level subdomain:
- Current: rpc.public-0138.defi-oracle.io (3 levels)
- Alternative: rpc-public-0138.defi-oracle.io (2 levels) ✅
This would be covered by Universal SSL.
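The single-label wildcard rule behind the root cause and Option 2, as an added example (not part of the original report or of Cloudflare's tooling). It assumes the Universal SSL certificate carries exactly the two names listed above, the apex and `*.<zone>`; the function names and the hostname inventory are constructed for illustration.

```bash
#!/usr/bin/env bash
# Added example: which proxied hostnames does a Universal SSL certificate cover?
# Assumption: the certificate's names are "<zone>" and "*.<zone>" only.

# san_matches SAN HOST -> exit 0 if HOST is covered by the certificate name SAN.
# A "*" stands for exactly one left-most DNS label, so it never spans a dot.
san_matches() {
  local san host rest
  san=$(printf '%s' "$1" | tr '[:upper:]' '[:lower:]'); san=${san%.}
  host=$(printf '%s' "$2" | tr '[:upper:]' '[:lower:]'); host=${host%.}
  case "$san" in
    '*.'*)
      rest=${host#*.}                   # host with its first label removed
      [ "$rest" != "$host" ] &&         # host must have a label to remove
        [ -n "${host%%.*}" ] &&         # and that label must not be empty
        [ "$rest" = "${san#??}" ]       # remainder must equal the name after "*."
      ;;
    *) [ "$san" = "$host" ] ;;          # non-wildcard names match exactly
  esac
}

# covered_by_universal_ssl ZONE HOST -> exit 0 for the apex or a one-level subdomain.
covered_by_universal_ssl() {
  san_matches "$1" "$2" || san_matches "*.$1" "$2"
}

# needs_own_cert ZONE HOST... -> prints each host that Universal SSL does not
# cover, i.e. the ones that need Total TLS or a custom certificate.
# Hosts are assumed to belong to ZONE; names outside it are printed as well.
needs_own_cert() {
  local zone=$1 h
  shift
  for h in "$@"; do
    covered_by_universal_ssl "$zone" "$h" || printf '%s\n' "$h"
  done
  return 0
}

# Constructed inventory built from the hostnames on this page.
needs_own_cert defi-oracle.io \
  defi-oracle.io \
  rpc-public-0138.defi-oracle.io \
  rpc.public-0138.defi-oracle.io
```

Run over a zone's list of proxied DNS names, this shows ahead of time which records will fail the edge handshake until an individual certificate is issued.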
Option 3: Upload Custom Certificate
Upload a custom SSL certificate that covers the multi-level subdomain.
Recommended Action
Enable Total TLS in Cloudflare Dashboard:
- This is the cleanest solution
- Automatically handles all multi-level subdomains
- No DNS changes needed
- No certificate management required
Verification
After enabling Total TLS, test the endpoint:
# Test HTTPS endpoint
curl -X POST https://rpc.public-0138.defi-oracle.io \
-H 'Content-Type: application/json' \
-d '{"jsonrpc":"2.0","method":"eth_chainId","params":[],"id":1}'
# Expected: {"jsonrpc":"2.0","id":1,"result":"0x8a"}
Current Workaround
If you need immediate access, you can use the --insecure flag (not recommended for production):
curl --insecure -X POST https://rpc.public-0138.defi-oracle.io \
-H 'Content-Type: application/json' \
-d '{"jsonrpc":"2.0","method":"eth_chainId","params":[],"id":1}'
Note: This bypasses SSL verification and should only be used for testing.
Last Updated: 2026-01-04
Status: SSL certificate issue identified, Total TLS recommended