NEWBIE help for subdomain not working

Thanks for being patient… My lack of progress is not because of my lack of effort, I assure you. I created saved Origin Certificate and Private Key into separate files.I also save the PEM file.

Installing Origin CA certificate on origin server–is what I do not understand how to do. I hoped that GoDaddy would have been helpful— They seemed like they were trying, but some of their advice seemed opposite to what I was hearing here and on the video tutorials.

Am I able to install Origin Certificate and Private Key myself through Cpanel?

1 Like

Other than what I’ve mentioned twice, I don’t know. From the support article:

1 Like

Mentioning it twice— saying it the same way did not make it any clearer.

The instruction for installing the Origin Certificate is where I am getting lost. I have these installed and setup–as far as I know.

1 Like

I don’t use GoDaddy nor cPanel. You really need the support of your host in this endeavor. All Cloudflare can do is provide an alternate cert if your host has poor support for SSL/TLS. I know it’s a struggle, but GoDaddy isn’t known for being very helpful.

2 Likes

I do appriciate your time… I know you are frustrated trying to walk me through the process.
I couldn’t text message you through how to take out an appendix. I have nothing but good things to say about CloudFlare… I created and have saved the Origin Cert/key as a Txt and PEM file. I also saved the Private Key generated during that process as a Txt. I will try again with GoDaddy Support— I am sure I will get a different person. :slight_smile:

I want to do it by chat—so I can past the key/cert when needed. The chat does not have a way to upload a file.

Do you think the following wording is clear for what I need them to day.

"I recently installed CloudFlare to utilize their free SSL Cert. I have already installed the Private Keys, CSR and CRT, It looks liek it is working, but the process is not complete. I need GoDaddy to install the Origin Cert and Private key to complete the process-- I can not do this through CPanel. It has to be done by GoDaddy. " I will at least know I am asking the correct question/giving them the correct instructions. Then if they do not understand what I am asking, I can ask if they could kick it up to a higher support teir.

1 Like

It’s easier to ask them how to upload your own SSL certificate. And that you may have to upload the Origin CA Root Certificate as well if GoDaddy doesn’t accept your uploaded certificate as is.

Noted. My backup plan would be to ask on Reddit.

I just noticed this:

That’ll never work without a paid certificate here at Cloudflare:

I’ll go over the tutorial.

Here are 2 pics. It looks like stuff is correct, but Real SImple SSL has an error on the last step sayong Certif not found.

CPanel SSL  OK Cert 2

I did not paste the whole Key.

I did review that yesterday… jennifer.dellazanna.com is on one level away from dellazanna.com, so it is not too deep.

I can’t access the sub if I have the CNAME DNS record with an Orange Cloud.

Sandro said… in this thread "Does your server IP address end in 246?

If so, that was not stellar advice :wink: as there’s no proper certificate in the first place which could be working fine :

I assume you’ll also have a broken encryption mode selected on Cloudflare → Why you should choose Full Strict, and only Full Strict. Double check that as well."

So… they said the domain does not have a “proper certificate” not sure how to determine that or correct it.

That might be the original certificate from GoDaddy. Best practice on certs is to include, literally, dellazanna.com and *.dellazanna.com. This is typically the default for Cloudflare’s Origin CA cert.

I don’t know why the top image didn’t include the www or jennifer subdomains.

If you paste the certificate text (not the key text…that’s supposed to be a secret), this tester should show you which hostnames it’s valid for. It should be the domain plus the wildcard subdomain.
https://www.sslshopper.com/certificate-decoder.html

Dam, I think you might be correct, but no idea how to fix it. I had a free SSL Cet through ZEN plug in. This is what I got when I ran it through thta site.

Certificate Information:
Common Name: dellazanna.com
Subject Alternative Names: *.dellazanna.com, dellazanna.com
Valid From: July 20, 2021
Valid To: October 18, 2021
Issuer: R3, Let’s Encrypt Write review of Let’s Encrypt
Serial Number: 039569c1913b2e16c0d7c447fa6c0a5af8ea

I contacted Zen after GoDaddy said they had to delete the cert… and Zen said they do not save anything. (again I do not understand the process).

Is there a way to get rid of all certificates and start fresh…

That’s all up to the host. It’s their server. Cloudflare only provides an Origin cert in a pinch.

My certificate was stil from the old Free SSL. GoDaddy could see the CloudFlare Certificate, but it was no associated with any domain— That is what he said.

GoDaddy walked with through deleting it and all SSL certificates and he manually deleted it from the server.

I would like to start over with CloudFlare… start from scratch, so I know I followed the steps in order. I made a Cert Signing Request. Any Red Flags I should be aware of deleteing the domain and starting over?

I read “If DNSSEC is activated via Cloudflare, remove the DS record from the registrar configuration in the DNS app before removing your Cloudflare domain.” and I did that.

Turn off DNSSEC at your domain registrar, and change the name servers back to GoDaddy.

Then back to this:

Thanks to GoDaddy’s Tech Support my original SSL problem ended up being unrecoverable. Many Thanks for your help and patience.

Called GoDaddy for help with the persistent expired SSL cert from ZEN that I tried to delete several times. GoDaddy walked me through re-deleting the SSL CERT and when they checked they still found it on their server. Whatever they did after that— I lost my main domain completely and somehow they corrupted my subdomain. I tried to restore both with backups—still did not work. Figured it might be easiest to just delete everything and start over. They wanted me to pay for a Tech Support package–after they trashed it.

After seeing the video below, I understand how my questions must have frustrated you. I was done in 10 min. A key stumbling point for me was that I did not know that Origin Certificate is the same as Certificate CRT. Thanks for everyone’s help. Now setting up the sites this weekend.

1 Like

Sub-Domain Advice

I just installed a basic fresh install of Word Press on a subdomain.

My main domain was able to show the generic WP site and I could log in to the site and setup the page

I did the same for my sub-domain jennifer.dellazanna.com and the site does not show the generic WP site. It shows coming soon.
PIC

When I try to log-in to word press part of the site I get a 404 error.

Also—it might be related to this

I read that when I am using Free CloudFlare account that my subdomain sites must be addressed without “www” or HTTPS://.

I have cleared my cache on my browser

I enter only jennifer.dellazanna.com in my browser

The browser converts it to https://jennifer.dellazanna.com/ and loads the Coming Soon page.

I have the following DNS Setting

Thanks for any help.

I can NOT stress this enough:

1 Like

I had it off initially when I was setting it up and had the same issues. I searched the Community Forum for the topic and saw one that instructed the person that it should be ON, so I turned it back on. Maybe I read it wrong.

I just shut it off again and will give it a at least 5 minutes to take effect. I have a little triangle next to it saying it was changed a few seconds ago. I will wait until that is gone and try to log back in.

I am not sure what aspect of building the website I need to check or do to to address your comment “it needs to work with HTTPS” before adding the site.

Thanks again…

This is an example of a site not working with HTTPS:

I do not mean to bother you over the weekend… I had no expecations that someone woruld respond. SO extra THANKS.

You were right again… I shut it off and waited 10 min, I now have access to the site. Not sure why it did not work last time I had it off. BUT I am sure it was human error on my side.

Yes, That is the page I see… I did not relize that that is the page shown when the site does not work with HTTPS.

I managed to install my WP Theme and will start stting stuff up. I just do not know what I need to do on the WP side/site to make sure it works with HTTPS.

Thanks again.

Gary DZ

1 Like