Hi, first of all thanks a lot for the reply and trying to help. Really appreciate that!
Answering your questions:
- Yes, if I disable and re-enable Universal SSL, I get a new certificate from Google Trust Services, valid for 3 months (pending validation), which works and makes the connection secure.
- I tried both, Full and Full (Strict).
For context: I am running some domains with IPv6 only, and therefore I like to use Cloudflare DNS with proxy to get a valid public IPv4 address. Especially with Nextcloud, there are some problems if you set up a domain only with IPv6. The Nextcloud backend does not download apps, and the update server is also not reachable, while only on IPv6.
Non-proxied Cloudflare works fine, even with Let's Encrypt. It renews the certificates after 3 months, with the help of a DNS NS entry with _acme-challenge. The Plesk-generated Let's Encrypt value can then be auto-transferred from Plesk via the Cloudflare Plesk extension, and the Let's Encrypt certificate does its job as it should. So the site worked before switching to Cloudflare and even runs with Cloudflare's Universal SSL; even Let's Encrypt works!
My only problem is using the Origin Certificate for all my web traffic. E-mail traffic should still be secured with Let's Encrypt, so both should run side by side for web (origin) and mail (Let's Encrypt).
I followed the steps from this guide, generating an SSL certificate and putting it into Plesk.
I am pretty sure I did not mess up there and copied all the right certs and keys to their needed positions! For example, when I turn the DNS proxy off, I also see that the Cloudflare origin certificate is loaded; of course, then it is insecure and not valid.
But Plesk does not show me a green icon that the certificate is activated. Probably for the same reason, the website gets ERR_SSL_VERSION_OR_CIPHER_MISMATCH in return from the browser if the proxy is turned on.
Here are my SSL/TLS Settings:
Also in Plesk, HTTP is redirected to HTTPS.
It would be great to get the Origin Certificate running!