Hi…I load balance two servers. web1 is rsynced to web2, but it only goes one direction, from web1 to web2. So if I do not directly target web1 with a host file modification and I am routed through CF randomly to web2, plugins and images are not sent to web1.
With an origin certificate I get a browser warning that is kind of a pain while I am navigating around. I am aware that an origin certificate is not a browser certificate; that is why the warning.
There are issues with installing an auto SSL or Let’s Encrypt certificate, naturally, because of the DNS going through CF.
Is there a workaround…would be nice if CF had a plugin to install on your browser to validate the origin cert just for specific access needs.
Also, during a sale I like to have a host file mod, or two computers, one to each site directly, so I can monitor the performance.
Using Cloudflare DNS makes deploying Let’s Encrypt certificates a cinch. The Cloudflare API makes validating DNS-01 ACME challenges quite painless.
Importing the Cloudflare Origin CA certificate into your browser as a trusted root certificate would meet your desire. I prefer Let’s Encrypt and DNS-01 validation, but either method will do what you want.
I tried to import the Cloudflare Origin CA certificate into your browser as a trusted root certificate but could not get it to work. The documentation I saw referenced a .crt file type, but I could only download a .der, and I tried that and could not make that work. You reference DNS makes deploying Let’s Encrypt certificates a cinch…but is that only if the domain registration has been transferred to CF? It is with GoDaddy now.
Your domain registration doesn’t need to be with Cloudflare to use a DNS-01 ACME Challenge. That has nothing to do with Cloudflare, though, so is a better topic for the Let’s Encrypt Community.
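An added example, not part of the thread and not Cloudflare's code: a Python script that converts the downloaded .der root to PEM text and checks each origin directly by IP, trusting only that root, so neither a hosts file change nor a browser-wide trust change is needed for monitoring. The file name, hostname and IP addresses in the usage comment are placeholders, and it assumes the downloaded file is the Origin CA root that issued the origin certificate.

```python
import socket
import ssl
import sys
from pathlib import Path

PEM_HEADER = b"-----BEGIN CERTIFICATE-----"


def to_pem(raw: bytes) -> str:
    """Return PEM text for a certificate supplied as PEM or as binary DER."""
    if raw.lstrip().startswith(PEM_HEADER):
        return raw.decode("ascii")          # already the text form
    return ssl.DER_cert_to_PEM_cert(raw)    # base64-wrap the binary .der


def origin_context(root_pem: str) -> ssl.SSLContext:
    """TLS client context that trusts only the supplied root certificate."""
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)  # verification and hostname check on
    ctx.load_verify_locations(cadata=root_pem)     # no system roots are loaded
    return ctx


def check_origin(ip: str, hostname: str, ctx: ssl.SSLContext, port: int = 443) -> dict:
    """Connect to one origin by IP and validate its certificate for hostname."""
    try:
        with socket.create_connection((ip, port), timeout=5) as sock:
            with ctx.wrap_socket(sock, server_hostname=hostname) as tls:
                return {"ip": ip, "ok": True, "tls": tls.version(),
                        "expires": tls.getpeercert()["notAfter"]}
    except OSError as exc:  # includes ssl.SSLCertVerificationError and network errors
        return {"ip": ip, "ok": False, "error": str(exc)}


if __name__ == "__main__":
    # Placeholder usage: check.py origin_ca.der example.com 192.0.2.10 192.0.2.11
    root_file, hostname, *ips = sys.argv[1:]
    pem = to_pem(Path(root_file).read_bytes())
    Path(root_file).with_suffix(".crt").write_text(pem)  # PEM copy of the root
    ctx = origin_context(pem)
    for ip in ips:
        print(check_origin(ip, hostname, ctx))
```

A failed validation shows up as `"ok": False` with the verification error, which separates a certificate problem on one origin from a performance problem.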