Cloudflare origin cert not connecting with edge cert

What is the name of the domain?

rocksolid-4x4.com

What is the issue you’re encountering?

I am getting a black screen after replacing the expired GoDaddy cert with the origin cert. The GoDaddy cert worked.

What steps have you taken to resolve the issue?

I have paused and then enabled Cloudflare.
The origin cert seems to be installed properly.

Was the site working with SSL prior to adding it to Cloudflare?

Yes

What is the current SSL/TLS setting?

Full

What are the steps to reproduce the issue?

Reload site, header shows but body is blank.

I’m blocked from accessing your site, so I’m unable to check.

Could you show a screenshot of the error you see?

I am not getting any errors. I can press F12 and see it loads the header and the body is blank.

This is probably more helpful:

It looks like an origin 500 error page:

So how do I fix that?

I am pretty sure the only change I made was the cert on Apache.

When you paused Cloudflare, did that fix the issue? Can you pause it again now?

This doesn’t look like what one would expect from a certificate issue.

I just paused it.

There’s still an origin error:

```
% curl -skvo /dev/null https://rocksolid-4x4.com/
* Host rocksolid-4x4.com:443 was resolved.
* IPv6: (none)
* IPv4: 23.24.xxx.xxx
*   Trying 23.24.xxx.xxx:443...
* Connected to rocksolid-4x4.com (23.24.xxx.xxx) port 443
* ALPN: curl offers h2,http/1.1
* (304) (OUT), TLS handshake, Client hello (1):
} [322 bytes data]
* (304) (IN), TLS handshake, Server hello (2):
{ [122 bytes data]
* (304) (IN), TLS handshake, Unknown (8):
{ [25 bytes data]
* (304) (IN), TLS handshake, Certificate (11):
{ [1215 bytes data]
* (304) (IN), TLS handshake, CERT verify (15):
{ [264 bytes data]
* (304) (IN), TLS handshake, Finished (20):
{ [36 bytes data]
* (304) (OUT), TLS handshake, Finished (20):
} [36 bytes data]
* SSL connection using TLSv1.3 / AEAD-CHACHA20-POLY1305-SHA256 / [blank] / UNDEF
* ALPN: server accepted http/1.1
* Server certificate:
*  subject: O=CloudFlare, Inc.; OU=CloudFlare Origin CA; CN=CloudFlare Origin Certificate
*  start date: Nov 30 23:18:00 2024 GMT
*  expire date: Nov 27 23:18:00 2039 GMT
*  issuer: C=US; O=CloudFlare, Inc.; OU=CloudFlare Origin SSL Certificate Authority; L=San Francisco; ST=California
*  SSL certificate verify result: unable to get local issuer certificate (20), continuing anyway.
* using HTTP/1.x
> GET / HTTP/1.1
> Host: rocksolid-4x4.com
> User-Agent: curl/8.7.1
> Accept: */*
> 
* Request completely sent off
* HTTP 1.0, assume close after body
< HTTP/1.0 500 Internal Server Error
< Date: Sun, 01 Dec 2024 15:59:45 GMT
< Server: Apache
< Set-Cookie: _pk_ses.1.54bc=%2A; expires=Sun, 01-Dec-2024 16:29:45 GMT; path=/
< Set-Cookie: _pk_id.1.54bc=5052c9208a69f3a2.1733068785; expires=Mon, 29-Dec-2025 15:59:45 GMT; path=/
< Set-Cookie: _pk_cvar.1.54bc=%5B%5D; expires=Sun, 01-Dec-2024 16:29:45 GMT; path=/
< Content-Length: 1043
< Connection: close
< Content-Type: text/html; charset=UTF-8
< 
{ [1043 bytes data]
* Closing connection
```

What's interesting is I can view my server-side analytics directory dashboard through WireGuard. It shows an invalid cert but I can advance. The cert shows the origin cert. It seems like the server is working, just not in the / directory. If I access the rocksolid domain through WireGuard I also get the black screen.

I still can’t access the site, so I guess there is a firewall in place that still blocks me :wink:

```
curl -svo /dev/null https://rocksolid-4x4.com
* Host rocksolid-4x4.com:443 was resolved.
* IPv6: (none)
* IPv4: xxxxx
*   Trying xxxxx:443...
* connect to xxxxx port 443 from 95.217.120.39 port 52808 failed: Connection timed out
* Failed to connect to rocksolid-4x4.com port 443 after 132973 ms: Couldn't connect to server
* Closing connection
```

An internal server error (500) can be basically anything. Did you check your Apache access log, error log and the PHP logs for more information?

What can I learn from your curl post? I am learning.

That’s the interesting line, same as in the screenshot above. It doesn’t really tell you much, other than that there is a problem either with the software you are running or your server configuration.

Check your Apache and application logs. If there’s nothing there, increase the loglevel.

If you only changed the certificate, double-check that the file permissions are as they should be.
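
An added example, not part of any post in this thread: a small Python triage of `curl -v` output that separates the network, TLS and HTTP layers, which is what the two transcripts above are being read for. The inputs are trimmed excerpts of those transcripts; the function name `triage` and its result keys are made up for this example.

```python
import re

# Trimmed excerpts of the two curl -v transcripts posted in this thread.
ORIGIN_500 = """\
* Connected to rocksolid-4x4.com (23.24.xxx.xxx) port 443
* SSL connection using TLSv1.3 / AEAD-CHACHA20-POLY1305-SHA256 / [blank] / UNDEF
*  subject: O=CloudFlare, Inc.; OU=CloudFlare Origin CA; CN=CloudFlare Origin Certificate
*  SSL certificate verify result: unable to get local issuer certificate (20), continuing anyway.
< HTTP/1.0 500 Internal Server Error
< Server: Apache
"""
TIMEOUT = """\
*   Trying xxxxx:443...
* Failed to connect to rocksolid-4x4.com port 443 after 132973 ms: Couldn't connect to server
"""

def triage(verbose: str) -> dict:
    """Classify a curl -v transcript by the layer at which the request failed."""
    r = {"connected": False, "tls": None, "cert_subject": None,
         "verify": None, "status": None, "server": None}
    for line in verbose.splitlines():
        if line.startswith("* Connected to "):
            r["connected"] = True
        elif m := re.match(r"\* SSL connection using (\S+)", line):
            r["tls"] = m.group(1)
        elif m := re.match(r"\*\s+subject: (.+)", line):
            r["cert_subject"] = m.group(1)
        elif m := re.match(r"\*\s+SSL certificate verify result: (.+?)(?:, continuing anyway)?\.?$", line):
            r["verify"] = m.group(1)
        elif m := re.match(r"< HTTP/\S+ (\d{3})", line):
            r["status"] = int(m.group(1))
        elif m := re.match(r"< Server: (.+)", line):
            r["server"] = m.group(1).strip()
    # An Origin CA cert is only trusted by Cloudflare, so a direct client cannot verify it.
    r["origin_ca"] = "CloudFlare Origin" in (r["cert_subject"] or "")
    if not r["connected"]:
        r["layer"] = "network"            # TCP never completed: firewall, routing, host down
    elif r["tls"] is None:
        r["layer"] = "tls"                # connected, but the handshake did not finish
    elif r["status"] is None:
        r["layer"] = "http-no-response"   # handshake done, no status line seen
    elif r["status"] >= 500:
        # Cloudflare's edge answers with "Server: cloudflare"; any other value came straight from the origin.
        direct = (r["server"] or "").lower() != "cloudflare"
        r["layer"] = "origin-application" if direct else "edge-or-origin"
    else:
        r["layer"] = "ok"
    return r
```

For the first transcript this reports a completed TLSv1.3 handshake followed by a 500 from `Server: Apache`, so the failure is in the origin's application or configuration, not the certificate. The second transcript never gets past the TCP connect.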

Problem almost solved. My server-side analytics was blocking page contents. It was using an EV cert. Thanks for pointing me in the right direction!
