Can't get SSL working


#1

I manage my own Linux server with Ubuntu on it and it’s currently configured with a Comodo SSL certificate

I’m experimenting with a free Cloudflare account and cannot get the free SSL certificate to work.

I have placed the .key file in /etc/ssl/private and the .crt file in /etc/ssl/certs and they are referenced in my domain configuration like so

SSLEngine on
SSLCertificateFile /etc/ssl/certs/certname.crt
SSLCertificateKeyFile /etc/ssl/private/certname.key
SetEnv nokeepalive ssl-unclean-shutdown

When using this setting with the SSL set to flexible (and higher security options) and unpausing Cloudflare I get a ERR_CERT_AUTHORITY_INVALID error

My current configuration is as follows

AccessFileName .htaccess
SSLEngine on
SSLCertificateFile /etc/ssl/certs/certname.crt
SSLCertificateKeyFile /etc/ssl/private/certname.key
SSLCertificateChainFile /etc/ssl/certs/certname.ca-bundle

    SetEnv nokeepalive ssl-unclean-shutdown

The main difference I can tell so far is the additional bundle crt. Can I get that or is there something else I’m doing wrong

Currently Cloudflare works in a paused state and my SSL certificate but I’m not getting the benefits :frowning:

Any help is appreciated, thanks.


cloudfens.com
#2

Got a few questions for you:

  • Are you using Origin CA on your origin with us? or Comodo?

  • Where are you seeing that error? In the browser?

  • Can you paste the contents of certname.crt?


#3

Currently I’m using comodo’s CA bundle and cert that was supplied by them. In order to get that SSL to work I had to generate a key and a CSR on my server.

When using the cloudflare setup I switched to the crt and key file provided in my apache setup listed above though I didn’t reveal the actual names of the key files but I figured their location is standard enough :slight_smile:

There error message was in both IE and Chrome browsers, my apache works with either the comodo or cloudflare certs…it just seems that the cloudlfare is missing something that the comodo offers.

I’m assuming you want to see the cloudflare crt file?

-----BEGIN CERTIFICATE-----
MIIEujCCA6KgAwIBAgIUdIR0uP2ZSIj3MYALh34CIJQ2VOAwDQYJKoZIhvcNAQEL
BQAwgYsxCzAJBgNVBAYTAlVTMRkwFwYDVQQKExBDbG91ZEZsYXJlLCBJbmMuMTQw
MgYDVQQLEytDbG91ZEZsYXJlIE9yaWdpbiBTU0wgQ2VydGlmaWNhdGUgQXV0aG9y
aXR5MRYwFAYDVQQHEw1TYW4gRnJhbmNpc2NvMRMwEQYDVQQIEwpDYWxpZm9ybmlh
MB4XDTE4MDMxMjEzNDQwMFoXDTMzMDMwODEzNDQwMFowYjEZMBcGA1UEChMQQ2xv
dWRGbGFyZSwgSW5jLjEdMBsGA1UECxMUQ2xvdWRGbGFyZSBPcmlnaW4gQ0ExJjAk
BgNVBAMTHUNsb3VkRmxhcmUgT3JpZ2luIENlcnRpZmljYXRlMIIBIjANBgkqhkiG
9w0BAQEFAAOCAQ8AMIIBCgKCAQEA7e77cVoU0sW8PssHVJIldbX/jMW0FQ3XFfuS
a7YPIgDx3c2c6eH9DHcfg0b2M3wTThf+b/9JNComfgIhjGN2CVFfemKXca9+1b1R
vCgkWRVRzGfn9r5ZCYDduELFhT6wXEQtuFgFh02QolWpenOyJv1CaxTrHx8eMkiH
p/FaAL8mbjzGHh6u+V4DrCQePyokK5/T0b/1Ycz/R2uPDRXfCng54RKezfdrdq0G
ZaevhpnisbAj7FQOqPHBNuMRzhjXDyl8hT4uC+dkjRrezJRk+HGmkxMyEIluvpyy
fJ8WeSpCp/P9rM/7wuNoEBP3MsfHxn/sASoAIswUjzZt/cbAZwIDAQABo4IBPDCC
ATgwDgYDVR0PAQH/BAQDAgWgMB0GA1UdJQQWMBQGCCsGAQUFBwMCBggrBgEFBQcD
ATAMBgNVHRMBAf8EAjAAMB0GA1UdDgQWBBQS9tKBeEF164iWZ2EUNH6NtgT4RDAf
BgNVHSMEGDAWgBQk6FNXXXw0QIep65TbuuEWePwppDBABggrBgEFBQcBAQQ0MDIw
MAYIKwYBBQUHMAGGJGh0dHA6Ly9vY3NwLmNsb3VkZmxhcmUuY29tL29yaWdpbl9j
YTA9BgNVHREENjA0ghkqLmNocmlzdGNlbnRlcmVkZ2FtZXIuY29tghdjaHJpc3Rj
ZW50ZXJlZGdhbWVyLmNvbTA4BgNVHR8EMTAvMC2gK6AphidodHRwOi8vY3JsLmNs
b3VkZmxhcmUuY29tL29yaWdpbl9jYS5jcmwwDQYJKoZIhvcNAQELBQADggEBAKs1
qiLcoBCdAl9jgmdGfKm2eAMQWN/Q4rF8h9Zht31c9Ve0N+KKI5aaprmolPZWP5nl
eYzZOn3TwYCHpcWibHX8Rak92WHe5SJSUy8o3upziIDeyaVd5knng8g3QYFzoxpa
9LYL/qhL01IDoU85kto9IZXRfdKguEEhCPmHlMnC5VhaSv5UZ33XB5AcMeVlDLpu
CeuiVFA2F/TVYbeYHySq3JtsV7gPXEjHMqunUiKXIB5cfd0Fxc1Jh8fDKNEwTy7s
ayIaZX0QG0ehFSob576nv4ehuGs/GAl9fTtQk1bad++ILbwm7cE09qJWvkD2zjNu
dPXkCCkMU8bJ0rjf4Yg=
-----END CERTIFICATE-----


#4

For grins I tried it again today and it’s all working. I guess I just had to wait a little bit. Glad I wasn’t doing anything wrong :wink:


#5

I was just about to escalate this. Thanks for updating. Sorry for the inconvenience.


#6

A post was split to a new topic: Google PageSpeed Insights not working with SSL enabled


#7

I had to wait a few days for my certificate to start working


#8

please help to ssl certificate verification


#9

Your domain is not yet active on Cloudflare, until it is we cannot begin the process of requesting a certificate for your domain.


#10

This topic was automatically closed after 14 days. New replies are no longer allowed.