Browser not trusting cloudflare origin certificate

Security
#1

Hello,

I’m trying to understand how cloudflare and their certificates work so I have a test dns that’s being handled by cloudflare as well as a test server. My A record for my dns points to my server and I made sure it’s being proxied through CF (orange cloud).
Then set my SSL/TLS settings to full(strict).
Lastly I generated origin certificates and downloaded them.

Then I ran my server using those certificates but when I try to connect to the server in my browser I receive an untrusted certificate error

Screenshot 2021-03-13 at 9.10.37 AM
Screenshot 2021-03-13 at 9.10.37 AM1388×392 31 KB

Am I doing this correctly? Do the DNS settings need time to update?
I’d like to use cloudflare’s origin certificates as well as route through cloudflare but I’m not sure what I’m doing wrong.

#2

As the Origin Certificate page says:

Origin Certificates are only valid for encryption between Cloudflare and your origin server.

It’s only for :orange: Proxied hostnames.

3 Likes
#3

@sdayman It is proxied though. As I mentioned in my posted, "I made sure it’s being proxied through CF (orange cloud)

qTxHL
qTxHL2028×128 16.3 KB

Unless I am misunderstanding. Does it not work for proxied A record to IP addresses?

1 Like
#4

It does not appear to be proxied for you. What’s the actual hostname?

1 Like
#5

The host name is jdragon.digital and the server is running on port 8080. I posted an image showing the name, ip and proxied status.

#6

8080 is not an HTTPS port.

I’m not even able to get a response from that server with https, http, or http on 8080.

2 Likes
#7

So does it have to be 443? I’ll try running it on 443. But it’s a simple node js web server I’m testing for ssl.

const https = require(‘https’);
const fs = require(‘fs’);

const options = {
key: fs.readFileSync(‘key.pem’),
cert: fs.readFileSync(‘cert.pem’)
};

https.createServer(options, function (req, res) {
res.writeHead(200);
res.end(“hello world\n”);
}).listen(8000);

#8

443 would certainly be nice if you want HTTPS.

2 Likes
#9

Oh nevermind! Now it’s working! Thank you so much @sdayman !

#10

Just for the sake of good order - because I am sure in two years there’ll be someone referring to this thread saying ports are protocol specific - generally 8080 is just yet another port and of course you can run HTTPS on it, in this particular case (and what @sdayman meant) it won’t work because Cloudflare only proxies HTTP over that port.

Apologies for the nitpicking, just tired of all the bandwidth and sub-domains and secure sites on HTTP :slight_smile:

3 Likes
#11

Thank you for both! I should have just used 443, it works on 443 .

1 Like
#12

Thanks only go to @sdayman please. I was just nitpicking :slight_smile:

1 Like
#13

This topic was automatically closed 3 days after the last reply. New replies are no longer allowed.