Email with Origin Certificate

I have discovered that the AutoSSL certificates in cPanel were not updating automatically since I started using Cloudflare. Interestingly, I was not receiving any errors and on the dashboard it was still saying I had “Full” end to end encryption. Not sure how that was happening with expired certificates!

I am now adding Origin Certificates to get around the AutoSSL issue, but some of my domains have email servers. How will Origin certificates affect that as they’re “DNS only”?

Correct, that’s an issue for most of us :frowning:

But, a workaround is to disable the Always Use HTTPS option at Cloudflare :wink:

I am afraid you cannot use both AutoSSL for “mail” and a Cloudflare Origin CA certificate for “domain.com www sub, etc.”, because cPanel unfortunately installs that Cloudflare Origin CA certificate for all sub-domains automatically, so there is no way to use AutoSSL.

Furthermore, you cannot use a Cloudflare Origin CA certificate for e-mail. It works only for web traffic (HTTP / HTTPS).

cPanel will always show an “expired” or “not valid” certificate warning for a Cloudflare Origin CA certificate.

See my two posts below for more information:

Either use the Cloudflare Origin CA certificate, or stick with AutoSSL - but, when it’s time to renew them you can (as already suggested → disable Always Use HTTPS), or you would have to:

  1. Use the “Pause Cloudflare on Site” option from the Overview tab for your domain at dash.cloudflare.com.
  2. The link is in the lower right corner of that page.
  3. Give it five minutes to take effect, then make sure the site is working as expected with HTTPS without any error.
  4. Check with your hosting provider / cPanel AutoSSL / Let’s Encrypt / ACME / Certbot and renew it.
  5. Only then, when your website responds over HTTPS, you should un-pause Cloudflare and double-check your SSL/TLS setting to make sure it’s Full (Strict).
2 Likes
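
A check for the situation described in this thread, as an added example that is not part of the original posts: it reads the certificate the origin itself serves (bypassing Cloudflare) and reports whether it is expired, close to expiry, or an Origin CA certificate sitting on a mail port. The IP address, hostnames, the 14-day threshold and the issuer text match are assumptions.

```shell
#!/bin/sh
# Added example: inspect the certificate a cPanel origin serves directly.
WARN_DAYS=14   # assumption: warn when fewer than 14 days remain

# fetch_cert CONNECT_HOST SNI_NAME PORT [STARTTLS_PROTO] -> PEM on stdout
# CONNECT_HOST must be the origin itself (server IP or a "DNS only" name),
# otherwise the certificate returned is the one from Cloudflare's edge.
fetch_cert() {
    if [ -n "$4" ]; then
        openssl s_client -connect "$1:$3" -servername "$2" -starttls "$4" \
            </dev/null 2>/dev/null
    else
        openssl s_client -connect "$1:$3" -servername "$2" </dev/null 2>/dev/null
    fi | openssl x509 -outform PEM
}

# classify_cert PEM_FILE ROLE(web|mail) -> one status word on stdout
classify_cert() {
    pem=$1 role=$2
    issuer=$(openssl x509 -in "$pem" -noout -issuer 2>/dev/null) ||
        { echo UNREADABLE; return 2; }
    if ! openssl x509 -in "$pem" -noout -checkend 0 >/dev/null; then
        echo EXPIRED; return 0
    fi
    # The thread notes Origin CA certificates work only for web traffic.
    # Matching on this issuer text is an assumption about the CA's naming.
    if [ "$role" = mail ] &&
       printf '%s' "$issuer" | grep -qi 'cloudflare origin'; then
        echo ORIGIN_CA_ON_MAIL; return 0
    fi
    if ! openssl x509 -in "$pem" -noout \
            -checkend $((WARN_DAYS * 86400)) >/dev/null; then
        echo EXPIRING; return 0
    fi
    echo OK
}

# Usage (address and names are placeholders):
#   fetch_cert 203.0.113.10 example.com 443 > web.pem
#   classify_cert web.pem web
#   fetch_cert mail.example.com mail.example.com 587 smtp > mail.pem
#   classify_cert mail.pem mail
```

Run from cron, this catches an AutoSSL renewal that failed silently behind the proxy before the certificate actually lapses.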