Linuxserver/swag.. Can get a cert, but cannot reach park page

OK, I for the life of me have never encountered this and am confused as hell. Helping a friend set up a domain. Domain is routed through cloudflare and is active on his cloudflare account… domain responds to pings

First, his swag compose… ---version: "2.1"services: swag: image: ghcr.io/linuxserver/swag - Pastebin.com

Obviously it initially failed, so he edited his cloudflare.ini with his API token and email.

Router settings are Pic 1, cloudflare A record and CNAME are pic 2 (other than IP/domain… his exactly matches mine, which works fine).

https://drive.google.com/drive/folders/1gfLGXkwdCMpVEtuXRxosKpLmaXd2YCen?usp=sharing

Then redeployed the stack. No errors, etc. swag successfully gets a cert. Successfully received certificate.Certificate is saved at: /etc/letsencrypt/li - Pastebin.com

However, he (and me for that matter) always gets a connection refused when going to www.his-domain.xyz. He’s tried from his local network, as well as using his cell data plan, and never gets to the secured park page. If he goes to https://his-server.ip:444 , he gets the swag park page it’s obvbiously just unsecured. This to me says swag is working properly. He’s getting a cert, which would suggest his port fwarding and cloudflare panel are set correctly…

Anyone got an idea here? Could this be ISP related? Best I can tell there’s no other firewalls, etc. running on his system (definitely not on the server)

Any help or suggestions would be greatly appreciated.