Skip to main content

Cloudflare cPanel SSL Issue

Comments

11 comments

  • Jcats
    What is your domain? You can private message me if you don't want it seen by all.
    0
  • rseiler
    Which is apparently called a "conversation" here, but I see no way of starting one. Can you send one to me?
    0
  • Jcats
    Hmm guess you can't :( "You may not start a conversation with the following recipients: rseiler." Question, when you go to "Crypto" tab in CloudFlare, does it actually say "Active Certificate". ? As far as installing the origin certificate, its very easy, just use CloudFlare's default so click: Create certificate - In the popup leave everything as is and click Next Then copy the first box Origin Certificate into WHM > Install an SSL certificate > Certificate box Then click "autofill by certificate". Change the domain to 'domain.com' and below where you pasted the certificate it should say something like: Domains: [LIST]
  • CloudFlare Origin Certificate
  • *.domain.com
  • domain.com so it will work on www as well even if you just place in 'domain.com'. then copy / paste the Private key from CloudFlare into the second box in WHM > Install an SSL certificate > Private Key: You do NOT need an intermediate certificate as the SSL is only going to communicate back with CloudFlare's servers so browser compatibility isn't a worry here. In the Crypto tab in CloudFlare, set it to Strict. This should be all you need to do. If no go here: SSL Checker - SSL Certificate Verify and paste the results
  • 0
  • rseiler
    It does say Active Certificate, in green. And that Origin certificate is also visible down to the client (Ctrl-Shift-I, Security -- in Chrome, for example), which I'm not sure should be the case normally (I expected it to be more or less a private cert between CF and the origin server and for CF to present some other one to clients). The procedure you mentioned sounds like an abbreviated version of what I did in the first link in my top post. If you think that procedure has a flaw (and at this point I'm hoping it does), then I'd be glad to start over again. Try PM'g again please, as I found a place in Privacy where receiving them was still off. Still don't see where I can send them from, as that's extremely well hidden.
    0
  • Infopro
    New users with less than 5 posts are not able to have private conversations due to spamming. Have you contacted Cloudflare about your issue?
    0
  • rseiler
    Yes, that's ongoing, but it's a very slow process, and since so much of this ultimately involves cPanel, I suspect in the end that they'll refer me here.
    0
  • Infopro
    I've never heard of Cloudflare being slow to respond to support requests.
    0
  • rseiler
    Maybe there's a difference with Free users, which understandably they seem to limit to about a 1-day interval.
    0
  • rseiler
    Then copy the first box Origin Certificate into WHM > Install an SSL certificate > Certificate box

    Forgot to mention that we don't use WHM (or, at least, our provider doesn't provide access), but what you're describing sounds much the same as the Cpanel route taken (SSL icon there), as shown in the first link. You do NOT need an intermediate certificate as the SSL is only going to communicate back with CloudFlare's servers so browser compatibility isn't a worry here.
    Yeah, that's what I thought too, but how to explain it reaching all the way to the client? If no go here: SSL Checker - SSL Certificate Verify
    Just as soon as the board lets me. Over 5, now. It passes, though, inexplicably.
    0
  • Jcats
    It shows your access level as Root Administrator which usually entails having access to WHM. You may have to rely on CloudFlare support as I can't assist further without seeing where the problem actually is.
    0
  • rseiler
    It's simply not a feature of our shared hosting plan. If it were, I would have access to it, but either way WHM is not necessary to install the origin cert. I'm in contact with the "hosting partner" now, since at this point I don't think there's anything left to be done in Cpanel or Cloudflare. Universal SSL, which is supposed to be "automatic," is just not getting through to clients, though it does to checkers like sslshopper.com and ssllabs.com. Go figure.
    0

Please sign in to leave a comment.