Curl http request time out

With a plain HTTP request it works fine (local environment), but when I change to Cloudflare Full (strict), it returns a timeout error. I tried adding my SSL certificate config, but it is still not working!

nginx/Site-enabled

ssl_certificate /etc/ssl/cert.pem;
ssl_certificate_key /etc/ssl/key.pem;

POST request

      public function applyFabricToken()
      {
        $ch = curl_init();
  
        $headers = array(
          "Content-Type: application/json",
          "X-APP-Key: " . $this->fabricAppId
        );
  
        curl_setopt($ch, CURLOPT_URL, $this->BASE_URL . "/payment/v1/token");
        curl_setopt($ch, CURLOPT_HTTPHEADER, $headers);
        curl_setopt($ch, CURLOPT_HEADER, 0);
  
        $payload =  array(
          "appSecret" => $this->appSecret
        );
  
        //print_r(json_encode($payload));exit;
        $data = json_encode($payload);

        curl_setopt($ch, CURLOPT_CUSTOMREQUEST, 'POST');
        curl_setopt($ch, CURLOPT_POSTFIELDS, $data);
  
        curl_setopt($ch, CURLOPT_RETURNTRANSFER, true);
        curl_setopt($ch, CURLOPT_FOLLOWLOCATION, true);
        //curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, 0);// for dev env
        //curl_setopt($ch, CURLOPT_SSL_VERIFYHOST, FALSE); // for dev environment only
        // Enable SSL verification for production
        curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, true);
        curl_setopt($ch, CURLOPT_SSL_VERIFYHOST, 2);
        //curl_setopt($ch, CURLOPT_SSLCERT, '/path/to/your/client_cert.pem');
        //curl_setopt($ch, CURLOPT_SSLKEY, '/path/to/your/client_key.pem');

        // Timeout in seconds
        curl_setopt($ch, CURLOPT_TIMEOUT, 30);
  
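        $authToken = curl_exec($ch);

        // curl_exec() returns false on failure; log the cURL error code and message
        if ($authToken === false) {
          error_log('applyFabricToken cURL error ' . curl_errno($ch) . ': ' . curl_error($ch));
        }
        curl_close($ch);

        return $authToken;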
      }

When you’re encountering a timeout issue with a cURL request after switching to Cloudflare Full (Strict) SSL, there are several factors to consider. Here are some troubleshooting steps and adjustments to your cURL configuration that might help resolve the issue:

1. Check SSL Configuration

Ensure that your SSL certificate is properly set up and that Cloudflare can validate it. Here are some steps:

  • Certificate Chain: Ensure that your server provides the full certificate chain. Sometimes missing intermediate certificates can lead to SSL verification failures. You can use tools like SSL Labs to check your certificate configuration.
  • Correct Paths: Make sure the paths to your SSL certificate and key in your Nginx configuration are correct.

2. Firewall and Security Settings

Check your server firewall and Cloudflare settings. Ensure that:

  • Cloudflare IPs are whitelisted on your server.
  • Port 443 (for HTTPS) is open on your server.

3. Adjust cURL Settings

Since you’re running in a production environment, here are some adjustments to consider:

  • Enable cURL Error Reporting: This will help you debug the issue:

      curl_setopt($ch, CURLOPT_VERBOSE, true);

  • Increase Timeout: If the request is taking longer than expected, try increasing the timeout value:

      curl_setopt($ch, CURLOPT_TIMEOUT, 60); // or higher

4. cURL SSL Options

You already have SSL verification enabled, which is good. However, if you’re using client certificates, you need to set them up correctly:

  • If you need to provide a client certificate, ensure that you have the correct paths:

      curl_setopt($ch, CURLOPT_SSLCERT, '/path/to/your/client_cert.pem');
      curl_setopt($ch, CURLOPT_SSLKEY, '/path/to/your/client_key.pem');

5. Testing Outside of Cloudflare

To isolate whether the issue is with Cloudflare or your server:

  • Direct Access: Temporarily bypass Cloudflare (by changing the DNS record to point directly to your server’s IP) and see if the cURL request succeeds. If it does, the issue is likely related to Cloudflare.

6. Check Logs

Check your server logs (Nginx logs) for any specific errors or details when the cURL request times out. This can provide insights into whether the request is reaching your server.

7. Cloudflare Configuration

In the Cloudflare dashboard, check the following:

  • SSL/TLS Settings: Ensure it’s set to “Full” or “Full (strict)”.
  • Firewall Rules: Ensure there are no firewall rules blocking the request.
  • Page Rules: Check if there are any page rules that might interfere with the request.

8. Alternative Testing Tools

To further diagnose the issue, consider using other tools such as Postman or command line curl to make similar requests and see if they encounter the same timeout.

Example cURL Command Line

Try running a similar cURL command directly in your terminal to check if it works:

      curl -X POST https://yourdomain.com/payment/v1/token \
        -H "Content-Type: application/json" \
        -H "X-APP-Key: your_app_key" \
        -d '{"appSecret":"your_app_secret"}' --verbose
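
To see which phase of the request the timeout falls in before touching any TLS settings, the shell functions below (an added example, not part of the original question or answer) classify a request from curl's exit code and its --write-out timings. The function names, result labels and sample values are constructed for illustration, and the Cloudflare 52x branch assumes the request actually passes through Cloudflare.

```shell
#!/usr/bin/env bash
# Added example: map curl's exit code and --write-out timings to the phase
# that failed. Labels and sample values are constructed for illustration.

# classify_curl EXIT_CODE HTTP_CODE TIME_CONNECT TIME_APPCONNECT
classify_curl() {
  local rc="$1" http="$2" t_conn="$3" t_tls="$4"
  case "$rc" in
    0)  ;;  # transport succeeded; inspect the HTTP status below
    6)  echo "dns-failure"; return ;;
    7)  echo "tcp-refused-or-filtered"; return ;;
    35) echo "tls-handshake-failed"; return ;;
    60) echo "tls-cert-not-trusted"; return ;;
    28) # Timed out: a phase that never completed is reported by curl as 0.
        if awk -v t="$t_conn" 'BEGIN { exit !((t + 0) == 0) }'; then
          echo "timeout-before-tcp-connect"
        elif awk -v t="$t_tls" 'BEGIN { exit !((t + 0) == 0) }'; then
          echo "timeout-during-tls-handshake"
        else
          echo "timeout-waiting-for-response"
        fi
        return ;;
    *)  echo "other-curl-error-$rc"; return ;;
  esac
  # curl itself succeeded; Cloudflare reports origin-side failures as 52x.
  case "$http" in
    521|522|523) echo "cloudflare-cannot-reach-origin" ;;
    524)         echo "cloudflare-origin-response-timeout" ;;
    525|526)     echo "cloudflare-origin-tls-or-cert-problem" ;;
    *)           echo "no-transport-error" ;;
  esac
}

# probe URL [extra curl args...]: run one request with certificate
# verification left on and classify the outcome.
probe() {
  local url="$1" out rc
  shift
  out=$(curl -sS -o /dev/null --connect-timeout 10 --max-time 30 \
        -w '%{http_code} %{time_connect} %{time_appconnect}' "$@" "$url")
  rc=$?
  # $out is intentionally unquoted so it splits into three arguments.
  classify_curl "$rc" $out
}

# Constructed samples (not real measurements):
classify_curl 28 000 0.000000 0.000000   # timeout-before-tcp-connect
classify_curl 28 000 0.041000 0.000000   # timeout-during-tls-handshake
classify_curl 0  526 0.020000 0.065000   # cloudflare-origin-tls-or-cert-problem
```

A timeout-before-tcp-connect result points at routing or firewalling rather than certificates, so relaxing CURLOPT_SSL_VERIFYPEER would not change it.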