Https certificate authentication – turn off

Using Cloudflare’s proxy. Your domain seems to be configured that way right now.

Your domain seems to load fine at this point -> http://sitemeer.com/#https://prokopacek.cz/

There is mixed content, which is a completely different issue though.

Still, try to get that origin certificate running, because right now your site is not as secure as it could be.

Ok, thanks again. :slightly_smiling_face:

Yesterday, I tried to configure the origin certificate, but I failed. I saved both the key and the certificate and imported them into two separate files, as was recommended. Then I copied them to the webserver. I should have opened the port and allowed https. What does that mean? I thought that I had to cancel any certificate for hosting, because I create my own via Cloudflare. Therefore, only to stop the Self-signed. How should I allow https then? What else should be done, please, to make it work?

Thank you

I am not quite sure what you were trying to say now. What ports do you need to open? Considering you already have an SSL setup you wouldn't need to change anything there. The only issue is the expired certificate, is it not? In that case you have an origin certificate issued by Cloudflare and configure the certificate and the private key on your server. That's it.

I only followed instructions, and I wasn’t sure if that’s the problem why it still wasn’t working: “Enable SSL and port 443 at your origin web server.”
“The only issue is the expired certificate, is it not?”
I think it is, if I cancel Self-signed certificate right now, even if both files are copied to webserver, websites don’t work with the origin certificate.
The question then is, how to configure the origin certificate issued by Cloudflare correctly in order to make websites work with it.

Refer to the article I posted earlier, it also covers how to configure it. Otherwise it is best to contact your host.

Could you please refer me to a specific section in the link that you have shared with me that will explain to me what else I should do to configure the origin certificate correctly, and how, in order to make the websites work? I have read the article a few times, and I am still not sure. Which is why I am asking you.

It's quite obvious :wink:

Install an Origin CA certificate at your origin web server

Let’s Encrypt certificates can be issued easily from the server which hosts your site, as LE simply checks that the domain (and alias or subdomain) DNS records resolve to the server attempting to issue them. Even if that’s through a Reverse Proxy like Cloudflare, LE can still issue certificates as long as the server is configured correctly so that traffic to those domains reaches the server for verification (to show ownership). If your current hosting provider doesn’t offer that, then I recommend switching, as disabling the Cloudflare proxy or SSL is a security risk, which would have to be done every 3 months (usual lifespan of the issued certificates). There are some hosts that even have Cloudflare Authenticated Origin server as well as LE options built into their hosting. I recommend finding something more suitable for your needs.

The reason why this domain provider doesn’t allow LE for clients who use nameservers other than their own is profit. No matter how simple that would be for them, and that LE is actually free. They offer a service for the use of external certificates for additional payment, besides payment for the domain. Which is also a reason why the origin certificate won’t work as well. Yeah, the best choice would be to switch them. I think it is a standard to offer LE and to allow clients to change DNS nameservers anywhere the client wants to without asking admins (as in this case). But the owner of the page doesn’t want to right now. So thank you all for your help.
