After my site went down astralcomputing[dot]com I found out that the LetsEncrypt certbot was no longer supported/working.
So, I used the option to create a “Origin Cert” in the SSL configuration panel in Cloudflare. I saved the key and the cert, and put them on my server and edited the ssl config to point to the new Cloudflare cert and key. So far so good. After restarting Apache, I can the see website in a web browser using https if I go directly to the IP address: 22.214.171.124
Note: the browser complains it’s not secure due to the cert being self-signed. You can view the cert and it looks ok, (from Cloudflare etc.) so I know it’s working directly.
BUT 0 if I access the website using the domain name (via Cloudflare) I get a timeout…
When I run the Cloudflare site diags, everything looks ok except the SSL diag and it reports an “error above 400”
Don’t know what to do from here other than to get rid of the Cloudflare “Origin server” cert and create a “real” one and install that from someone else… (like it was doing under LetsEncrypt before)
I’ve had the firewall in Cloudflare set to US only and block other countries, since I started using CF a long time ago.
Never had any issue with that before. Did not make any changes there…
I did follow the instructions for the Origin certificate setup that included changing the encryption mode to “Full Strict” and that’s the way CF is setup now… From PHX metro area CF serves me up the “Wayback Machine” copy with the banner about being offline… or sometimes just times out.
But, from same location/laptop directly to the IP address I get the real website.
Also, I don’t have any issues with SSH directly to the iP
So, something seems to be wrong with the connection between CF and my site.
Well, it does not according to the Cloudflare diagnotic page (as https) also I get a 522 error that flashes sometime…
The web hosting vendor says that the IP block I am in is currently unreliable and is switching me to a new address block.
Let’s see if that fixes the issue… will update as soon as that is done.
Thanks for the suggestions so far.