Cloudflare, SSL, Kemp, and Apache (very lost)

Ok, I admit, I got sucked in by the NetworkChuck YouTube video on setting up a a free Kemp load balancing VM. In his video he walked us through getting a root certificate from CF and downloading the origin CF certificate and installing in on the Kemp VM. Seemed simple enough. Now, I’m trying to install it on my Apache server, and am totally lost. I had an existing certificate (not sure what kind anymore) purchased through NoIp which I set up 5 years ago.

I’m a bit lost, first off I seem to have a lot of extra code in my SSL.conf file in Apache, and second the keys I have been using are .crt. I thought it would be as simple as adding the coping the three files to the Apache server, and changing the .conf to match the new file name. However, even if I take Kemp out of the picture I can’t get it working.

The CF documentation sends me off off to a DigiCert help page that talks about generating new credentials there.

Here’s what I have in my dashboard when I select SSL/TLS:

  • Overview
    • Full (strict)
  • Edge Certificates
    • Hosts (*.mydomain.com, mydomain.com), type universal, active
    • Always us HTTPS (on)
  • Client Certificates (nothing)
  • Origin Certificates (*.mydomain.com, mydomain.com)
  • Custom Hostnames (nothing)

I’ve download the CF root certificate from Managing Cloudflare Origin CA certificates

I’d love some help figuring this out.
Thanks in advance! :grinning:

The main question is, does your setup work on HTTPS when Cloudflare is out of the picture?

With an Origin certificate you will receive a warning in your browser, but you can ignore that for now as you know that you have a certificate which is only trusted by the proxies.

If that works, the issue might be related to your Cloudflare setup. It’s most likely not to work, however, and that would indicate a general issue with your setup, where Cloudflare then wouldn’t be involved.

Ok, after doing it for the 10th time I’ve gotten it to the point where I can use the certificates I’ve generated in CF and it works if I go directly into my server.

How when I activate the Kemp load balancer I’m getting a error 520 from CF at mydomain.com

As I said, does the whole setup work when Cloudflare is paused? If not you will need to fix that first.

I guess I don’t know that it means to “pause Cloudflare”

Pausing is done at the bottom right of the Overview screen and connects directly to the machine configured in your DNS records, instead of the proxies.

Also, you’ll most likely have to configure the certificate rather with your load balancer than your actual server software.

Oh cool, I’d never run across that (new to CF). It says net::err_cert_authority_invalid. If I accept that it’s not secure I get err_empty_response. I’m guessing it’s now a setup issue with Kemp. so I’ll go back and watch the NetworkChuck video.

Thank you for helping to untangle this!

Yeah, that’s what I mentioned before.

It does seem to be an issue with your setup. I’d keep Cloudflare paused at this point and work on the setup. Once it loads fine (again, ignore the certificate warning for now) then you can unpause Cloudflare.

This topic was automatically closed 3 days after the last reply. New replies are no longer allowed.