Looking for details on OTA handshake

mbratch
Posts: 300
Joined: Fri Jun 11, 2021 1:51 pm

Post by mbratch » Wed Nov 08, 2023 2:51 pm

I used to have my website URL configured using a simple dynamic DNS service. I have my device's firmware files on my server, and I was able to use the ESP-IDF OTA functions to do a firmware update by accessing the firmware file at a URL pointing to my website.

I recently changed internet services and they don't allow me to use dynamic DNS. So I am using Cloudflare(.com) tunneling service to enable access to my web server via the URL I have defined. However, the OTA function `esp_https_ota_begin` fails with an error code indicating it cannot access the URL.

I suspect that Cloudflare might be blocking it based upon the user agent setting but that's just a guess.

My question is: is there a detailed description somewhere, or message diagram, showing the details of the OTA protocol with the server? I need something to help debug the issue.

Thank you!

MicroController
Posts: 1390
Joined: Mon Oct 17, 2022 7:38 pm
Location: Europe, Germany

Re: Looking for details on OTA handshake

Post by MicroController » Wed Nov 08, 2023 9:58 pm

I don't think there's any special protocol involved. It should be a "plain" HTTPS GET. The S in HTTPS would be my suspect #1 when using some sort of intermediary server which may not match the TLS certificate in use/expected, or may not use a recognized root CA.

mbratch
Posts: 300
Joined: Fri Jun 11, 2021 1:51 pm

Re: Looking for details on OTA handshake

Post by mbratch » Wed Nov 08, 2023 11:34 pm

MicroController wrote: Wed Nov 08, 2023 9:58 pm
> I don't think there's any special protocol involved. It should be a "plain" HTTPS GET. The S in HTTPS would be my suspect #1 when using some sort of intermediary server which may not match the TLS certificate in use/expected, or may not use a recognized root CA.

Thanks! I rather thought that was the case. After more debugging I found a security option I needed to set. I had just upgraded from ESP-IDF 5.0 to 5.1.1 and the latter is more strict on security options.
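
Added example, not part of the thread and not ESP-IDF code: a desktop-side probe that repeats the plain HTTPS GET described above and reports whether it stops at TLS certificate verification or at the HTTP layer, which separates the two hypotheses raised here (certificate trust versus User-Agent filtering). The `ESP_UA` string is an assumption about the client's default User-Agent, and `REF_UA` and all function names are illustrative.

```python
import http.client
import ssl

# Assumption: default User-Agent sent by ESP-IDF's esp_http_client.
ESP_UA = "ESP32 HTTP Client/1.0"
REF_UA = "curl/8.0"  # arbitrary reference client used for comparison


def classify(exc=None, status=None):
    """Name the layer at which the GET stopped."""
    if isinstance(exc, ssl.SSLCertVerificationError):
        return "tls-certificate"   # untrusted chain or hostname mismatch
    if isinstance(exc, ssl.SSLError):
        return "tls-handshake"     # protocol/cipher failure, non-TLS peer
    if isinstance(exc, OSError):
        return "network"           # DNS, refused connection, timeout
    if exc is not None:
        return "http-protocol"     # malformed or missing HTTP response
    return "ok" if 200 <= status < 300 else "http-status"


def probe(host, path, port=443, user_agent=ESP_UA, cafile=None, timeout=10):
    """Send one verified HTTPS GET and classify the outcome.

    cafile: PEM trust anchor; pass the file the firmware embeds to mirror
    the device's trust store (None uses the host system's store).
    """
    ctx = ssl.create_default_context(cafile=cafile)  # chain + hostname checks
    conn = http.client.HTTPSConnection(host, port, timeout=timeout, context=ctx)
    try:
        conn.request("GET", path, headers={"User-Agent": user_agent})
        status = conn.getresponse().status
        return classify(status=status), status
    except (OSError, http.client.HTTPException) as exc:
        return classify(exc=exc), None
    finally:
        conn.close()


def interpret(esp, ref):
    """Compare the ESP-style probe result with the reference probe result."""
    if esp[0].startswith("tls") or esp[0] == "network":
        return f"fails before HTTP ({esp[0]}): User-Agent was never sent"
    if esp[0] != "ok" and ref[0] == "ok":
        return "User-Agent dependent: server or intermediary filters the client"
    if esp[0] == "ok":
        return "GET succeeds from this host: check the device's TLS settings"
    return "rejected for both clients: not User-Agent dependent"
```

Call it as `interpret(probe(host, path), probe(host, path, user_agent=REF_UA))` with the firmware URL's host and path.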
