Dreamhost stuck using Full and not Full (strict)?

ssl

#1

Dreamhost allows you to obtain a Let’s Encrypt SSL cert directly from their custom admin panel; however, whenever I use Full (strict) on Cloudflare, I get an Error 526 from Cloudflare saying there’s an invalid SSL certificate:

The SSL certificate presented by the server did not pass validation. This could indicate an expired SSL certificate or a certificate that does not include the requested domain name.

According to one of your KB articles it also explains the error: https://support.cloudflare.com/hc/en-us/articles/200170416-What-do-the-SSL-options-mean-

Choose “Full” if you have a self-signed SSL certificate, and choose “Full (strict)” if you have a valid SSL certificate.

Only when I use Full rather than Full (strict) can I access the site. Since the site only works when it’s on Full and not Full (strict), then does that mean Dreamhost’s Let’s Encrypt SSL cert is invalid?


#2

All your information is correct. You should be able to use Full (Strict).

It’s been a while since I’ve used Dreamhost, but do they show a status for the certificate?

As a test, if you grey-cloud your DNS entry here and visit your site, you should see the valid Let’s Encrypt certificate with 🔒.


#3

Okay I think it’s a case of Dreamhost taking its sweet time to generate the LE Cert. Originally, the only way I could access the site was if I had Cloudflare on with the Crypto setting at Full. This helped support the hypothesis that the LE Cert was not available.

After getting your reply I went and checked it and the cert was showing in their dashboard, key and all. I did a whole test again, Cloudflare proxy on and off, and discovered when it was off this time, I was receiving the actual LE Cert, and when it was on, I was receiving the Cloudflare cert. I was even able to switch between Flexible, Full, and Full (strict). I had a feeling that it was because it was never generated - but what made me confused is that I contacted their chat support, and maybe they didn’t even check, but they recommended that I specifically use Full and not Full (strict) without even a bat of an eye.

But then I was checking my email and saw that the notification for the cert generation didn’t come in until 7:54PM EDT so that further verified that the support agent was being lazy and Dreamhost just takes a long ass time to generate the LE Cert.

Sorry that was long-winded but just wanted to walk through the debugging steps. But thanks for validating my hypothesis because I thought I was going crazy.
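
The question the thread keeps returning to (which certificate does the origin itself present?) can be answered without switching the proxy off, by handshaking with the origin IP directly while sending the site's hostname as SNI. This is an added example, not part of the original posts; `probe_origin` and `usable_modes` are hypothetical helper names, and the hostname and IP are supplied by you on the command line.

```python
import socket
import ssl
import sys

# Mode advice follows the KB sentence quoted in the thread: "Full" tolerates
# a self-signed origin cert, "Full (strict)" needs a valid one.
MODES = {
    "valid": ["Full", "Full (strict)"],
    "invalid-cert": ["Full"],
}


def usable_modes(status):
    """Encrypted-to-origin modes that would work for a given probe status."""
    return MODES.get(status, [])


def probe_origin(hostname, origin_ip, port=443, timeout=5.0):
    """Handshake with the origin directly, bypassing the proxy.

    Connects to origin_ip, sends `hostname` as SNI, and verifies the
    certificate for that name against the local public trust store.
    Returns (status, detail).
    """
    ctx = ssl.create_default_context()  # chain, expiry and hostname checks on
    try:
        with socket.create_connection((origin_ip, port), timeout=timeout) as raw:
            with ctx.wrap_socket(raw, server_hostname=hostname) as tls:
                return "valid", "expires " + tls.getpeercert()["notAfter"]
    except ssl.SSLCertVerificationError as exc:
        # e.g. a self-signed placeholder, an expired cert, or the wrong name
        return "invalid-cert", exc.verify_message
    except ssl.SSLError as exc:
        return "tls-error", str(exc)
    except OSError as exc:
        return "unreachable", str(exc)


if __name__ == "__main__":
    # Usage: python probe.py <hostname> <origin-ip>  (both are your own values)
    host, ip = sys.argv[1], sys.argv[2]
    status, detail = probe_origin(host, ip)
    print(f"{host} via {ip}: {status} ({detail})")
    print("usable modes:", ", ".join(usable_modes(status)) or "neither Full mode")
```

The local trust store only approximates Cloudflare's validation: an origin using a Cloudflare Origin CA certificate is accepted by Full (strict) but reports `invalid-cert` here.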

