Just set SSL, restart apache, but still not work


#1

it reported error

NET::ERR_CERT_AUTHORITY_INVALID
Subject: CloudFlare Origin Certificate

Issuer: CloudFlare, Inc.

Expires on: 2033.6.29

Current date: 20187.8

PEM encoded chain:
-----BEGIN CERTIFICATE-----

I checked at
https://www.sslshopper.com/

SSL installed correctly

Just wonder if I need to wait 24 hours or 36 hours until ISP works?

Your comment welcome


#2

SSL Shopper is only testing your public-facing SSL certificate on the Cloudflare Proxy Server.

The Cloudflare Origin certificate is for internal use so Cloudflare can connect to your web server.

The error implies it doesn’t trust the Origin Certificate, in which case, you need to add the Cloudflare Root CA certificate:


#3

I set ssl

<VirtualHost *:443>
DocumentRoot /home/mydomain/public_html
ServerName mydomain.com
SSLEngine on
SSLCertificateFile /home/mydomain/mydomain.com.crt
SSLCertificateKeyFile /home/mydomain/mydomain.com.key

how to set the cloudflare origin CA?

do I need to set
cloudflare_origin_ecc.pem
cloudflare_origin_rsa.pem

in .conf file

or just copy the pem content to mydomain.pem/crt file?


#4

The documentation makes it look like you paste the CA file onto the end of your .crt file

It’s probably the RSA file.

If it doesn’t work, at least all you have to do is cut it off the end of your .crt file.


#5

so no need ecc content?


#6

You’re probably using RSA format.


#7

I try to set content of mydomain.crt content as

mypemcontentrcapemcontent

mypemcontent
rcapemcontent

-----BEGIN CERTIFICATE-----
mypemcontent
-----END CERTIFICATE-----
-----BEGIN CERTIFICATE-----
rcapemcontent
-----END CERTIFICATE-----

no one works


#8

Ok, so much for that idea. Maybe someone else knows how to get it to work.


#9

After skimming some Google results, it looks like Apache would keep this certificate in a different directory. Again, this isn’t something I’ve ever done, so hopefully someone else will respond.


#10

cloudflare’s description is not very clear

you will need to append the appropriate root below to your .pem file.


#11

That might be just how cPanel handles this.

This link looks like a way to install it in the same directory as your other certs, then add a line to the conf file:


#12

case 1 works!

mypemcontentrcapemcontent

but it needs several minutes to be activated

Thanks a lot for your help and patience