Find correct Certificate Authority Bundle for new Cloudflare Origin Certificates

What is the name of the domain?

s8int.com

What is the error message?

Contact Cloudflare, Inc and request the CA Bundle for Managed CA 685dbcf6cfd04add42145031cc7235ae

What is the issue you’re encountering?

Trying to install a Cloudflare signed origin certificate on my Apache WHM/cPanel server. Need the correct CA Bundle certificate.

What steps have you taken to resolve the issue?

I’ve read all of Cloudflare’s support pages. Apparently there is a new way of generating origin certificates in 2024. The documentation doesn’t seem to be up to date. My cPanel wants the Certificate Authority Bundle, but since Cloudflare generates a custom CA for each domain, it cannot find it.

Was the site working with SSL prior to adding it to Cloudflare?

Yes

What is the current SSL/TLS setting?

Full

What are the steps to reproduce the issue?

  1. Generate a CSR on my WHM/cPanel server.
  2. Generate a new Cloudflare certificate using the CSR.
  3. Paste the Cloudflare signed certificate into the WHM/cPanel form for a new certificate.
  4. Either submit with the CA Bundle field blank (it says it cannot find the CA Bundle for that CA) or attempt to fill the CA Bundle with the CA from Cloudflare documentation: origin_ca_ecc_root.pem. It generates an error saying the CA doesn’t match the cert.

Screenshot of the error

Download the Cloudflare Origin CA root certificate from here:


Those files do not work with the current Cloudflare-generated certificates as of August 2024.

Went out of my way to fire up a VM, installed WHM, and followed your steps.

And I can confirm… your statement is simply not true.

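A way to check which candidate CA file actually signed a certificate before pasting it into the CA Bundle field, added here as an example that is not part of the original thread. The function names (`match_ca_bundle`, `issuer_of`, `subject_of`, `mk_root`) are hypothetical, and the RSA root, ECC root and leaf are constructed stand-ins generated on the spot, not Cloudflare's files.

```bash
# Print the first candidate CA file that verifies the leaf; return 1 if none does.
match_ca_bundle() {
  local leaf=$1 ca; shift
  for ca in "$@"; do
    if openssl verify -CAfile "$ca" "$leaf" >/dev/null 2>&1; then
      printf '%s\n' "$ca"; return 0
    fi
  done
  return 1
}
# Issuer of a certificate and subject of a CA file, in one comparable format.
issuer_of()  { openssl x509 -in "$1" -noout -issuer  -nameopt RFC2253 | sed 's/^issuer= *//'; }
subject_of() { openssl x509 -in "$1" -noout -subject -nameopt RFC2253 | sed 's/^subject= *//'; }

# Constructed demo material: an RSA root, an ECC root, and a leaf signed by the RSA root.
demo_dir=$(mktemp -d)
trap 'rm -rf "$demo_dir"' EXIT
cat > "$demo_dir/ca.cnf" <<'EOF'
[req]
distinguished_name = dn
x509_extensions = v3_ca
prompt = no
[dn]
CN = placeholder
[v3_ca]
basicConstraints = critical,CA:TRUE
EOF
mk_root() {  # mk_root <name> <-newkey arguments...>
  local name=$1; shift
  openssl req -x509 -config "$demo_dir/ca.cnf" -nodes -days 1 \
    -subj "/CN=Constructed $name root" -newkey "$@" \
    -keyout "$demo_dir/$name.key" -out "$demo_dir/$name.pem" 2>/dev/null
}
mk_root rsa rsa:2048
mk_root ecc ec -pkeyopt ec_paramgen_curve:prime256v1
openssl req -new -config "$demo_dir/ca.cnf" -nodes -subj "/CN=origin.example.test" \
  -newkey rsa:2048 -keyout "$demo_dir/leaf.key" -out "$demo_dir/leaf.csr" 2>/dev/null
openssl x509 -req -in "$demo_dir/leaf.csr" -CA "$demo_dir/rsa.pem" \
  -CAkey "$demo_dir/rsa.key" -CAcreateserial -days 1 -out "$demo_dir/leaf.pem" 2>/dev/null

echo "leaf issuer: $(issuer_of "$demo_dir/leaf.pem")"
echo "matching CA: $(match_ca_bundle "$demo_dir/leaf.pem" "$demo_dir/ecc.pem" "$demo_dir/rsa.pem")"
```

With real files, pass the issued certificate first and each downloaded root (for example `origin_ca_ecc_root.pem`) as a candidate; a candidate whose subject differs from the certificate's issuer will not verify it.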