Connecting SSL to Origin Host cPanel


#1

Continuing the discussion from Error with origin certificates:

I have tried connecting my CloudFlare certificate to my host using both of these methods (as many ways as I could think of).

Any ideas on getting this working? I would really appreciate some insight.

Also, can anyone tell me how long it usually takes for SSL settings to get updated to the front end of the site?

(Please excuse my terminology, I am still learning!)


#2

Is your host using cPanel? If so, not all hosts let their users muck around with SSL certificates.

Is this a shared server where you don’t have root access? Root access is the only other way to install a certificate if your web server admin panel doesn’t provide a way.

SSL on Cloudflare usually gets issued within an hour for previously verified sites. Otherwise, within 24 hours. If your SSL Status still isn’t Active after a day, open up a Support ticket.
https://support.cloudflare.com/hc/en-us/requests


#3

Yes, my host is using cPanel.

I have an SSL/TLS option under Security in the cPanel. I do believe it is a shared server, though I do have this access.

It is just that the uploader through the cPanel doesn’t have as many options as the uploader shown in that first link.

So, should I actually be waiting at least an hour to try and upload the certificate information after I create an Origin Certificate?


#4

Try: Generate Key/CSR. SAVE THOSE!

Take that CSR and go to the Cloudflare Crypto page and select “I have my own key and CSR”. Then copy/paste your CSR into the CSR field. It should generate the Certificate for you. SAVE THIS!

Now in cPanel, paste in YOUR Private Key and CSR from the first step (these might already be filled in after Step 1), and paste in the Certificate you got from Cloudflare.


#5

I will try it this way again!

It was actually one of the first ways that I tried.

I’ll update this page when I am done.

So, I do not have to wait for Origin SSL Certificate verification before I try to upload it to my host?


#6

“The certificate uploaded is NOT for the domain name mamateasocial.com.”

I tried using both PEM and PKCS #7 formats and neither worked.

I appreciate your looking into this with me.


#7

No. Those are two independent systems.

What I do is just have Cloudflare generate everything, then copy them into my server. But cPanel might be happier if you let it do the initial work.

So Plan B would be to have Cloudflare generate everything, then SAVE ALL THAT. (I only shout because I’ve neglected to save these in the past, and Cloudflare won’t show you the private key again). Then Upload Key and Upload Certificate in cPanel. It might let you do it this way.


#8

I have tried this as well!

I will do it once more now.


#9

I tried creating under RSA and ECDSA. Nada.

Any more ideas?

I am thinking about creating a ticket under my host if I can’t find any new ways to get this happening.


#10

Is this after you use cPanel to generate the CSR? I’m wondering if the CSR didn’t have the two entries you need: mamateasocial.com and *.mamateasocial.com
These would be the two host names you’d use at Cloudflare when creating your certificate.


#11

It popped up both when I used my cPanel to generate the CSR and when I generated the CSR through CloudFlare.

I do not have the option to select any entries through my cPanel.



#12

Have you tried both options: Generate and Upload?


#13

Yes, I have tried both generate and upload key/CSR.


#14

lol, that confused me for a sec. You edited my last comment to reply to me.

Thank you so much for working with me. You certainly validated my efforts!

You don’t happen to have a super easy guide to self-signed certificates off hand, do you?

I have done some research… but it all seems a bit over my head for the time and focus my life allows me to give this project! Hah!


#15

That was weird. I don’t know how that happened. I suppose there’s a chance I clicked Edit instead of Reply.

I’ve restored your post.

Anyhow…you might have to ask your host for help on this. I don’t know why cPanel isn’t accepting the Origin Certificate. It’s essentially a self-signed certificate that only Cloudflare is going to accept as a genuine certificate.

I did find this: http://www.selfsignedcertificate.com/

Try generating a key and certificate for just mamateasocial.com and see if cPanel will let you upload them. If cPanel accepts it, make sure you use Cloudflare’s regular Full SSL mode, not Full (Strict).


#16

Well, I found the issue.

I am not entirely sure what this means, but this was their reply:

Unfortunately cloudflare doesn’t add your domain or subdomain to the common name, thus will never work unfortunately. Cloudflare SSL certificates are not supported due to this.


#17

EDIT: Technically, they’re correct that it’s not in the common name, since it’s in an Alt Name, which is completely acceptable.

I disagree. Copy and paste that Cloudflare Origin Certificate (PEM format) in here:
https://www.sslshopper.com/certificate-decoder.html

You can get a copy of that certificate from the Cloudflare Crypto page in the Origin Certificates section by clicking “Download.” It’ll pop up a window with an encoded Origin Certificate.
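
The Common Name versus Alt Name point in the posts above can be checked locally with OpenSSL instead of a web decoder. This is an added example, not part of the original thread; it assumes OpenSSL 1.1.1 or later, and the certificate, its subject and the function names are constructed for illustration.

```shell
#!/usr/bin/env bash
# Added example: the key and certificate are constructed locally, not Cloudflare's.
set -eu
DOMAIN="mamateasocial.com"   # domain named in the thread

# Throwaway self-signed cert: CN is a label (assumption), names live only in SAN.
make_sample_cert() {  # $1 = output directory
  openssl req -x509 -newkey rsa:2048 -nodes -days 1 \
    -keyout "$1/key.pem" -out "$1/cert.pem" \
    -subj "/O=Constructed Example/CN=Constructed Origin Certificate" \
    -addext "subjectAltName=DNS:${DOMAIN},DNS:*.${DOMAIN}" 2>/dev/null
}

cert_cn() {    # print the subject Common Name
  openssl x509 -in "$1" -noout -subject -nameopt multiline |
    sed -n 's/^ *commonName *= *//p'
}

cert_sans() {  # print SAN DNS entries, one per line
  openssl x509 -in "$1" -noout -ext subjectAltName |
    tr ',' '\n' | sed -n 's/^ *DNS://p'
}

cert_covers() {  # $1 = cert, $2 = hostname; true if TLS name matching accepts it
  openssl x509 -in "$1" -noout -checkhost "$2" | grep -q "does match certificate"
}

key_matches_cert() {  # $1 = cert, $2 = private key; compare public key digests
  [ "$(openssl x509 -in "$1" -noout -pubkey | openssl sha256)" = \
    "$(openssl pkey -in "$2" -pubout | openssl sha256)" ]
}

tmp="$(mktemp -d)"; trap 'rm -rf "$tmp"' EXIT
make_sample_cert "$tmp"
echo "CN:   $(cert_cn "$tmp/cert.pem")"
echo "SANs: $(cert_sans "$tmp/cert.pem" | tr '\n' ' ')"
for h in "$DOMAIN" "www.$DOMAIN" "other.example"; do
  if cert_covers "$tmp/cert.pem" "$h"; then echo "$h: covered"
  else echo "$h: NOT covered"; fi
done
key_matches_cert "$tmp/cert.pem" "$tmp/key.pem" && echo "key matches certificate"
```

To check a real certificate, point the functions at the saved PEM files; `key_matches_cert` rules out a mismatched private key before anything is uploaded to cPanel.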


#18

Oh, I see.

I am assuming that I am not able to change the common name of my CloudFlare Origin Certificate?

I guess I will work on that Self-Signed Certificate to get my SSL up to Full. That sounds like a job for another day! I appreciate everything that you have done to help me get my site running.

Thanks again! Have a great weekend!


#19

No, you won’t be able to change the common name.

So Plan B would be to create a self-signed certificate…another day.

