First I signed up to Cloudflare.
Then I installed all needed DNS Records and they’re propagated fine.
As the next step I just set the SSL/TLS encryption mode to Full.
But after hours I still get the Let’s Encrypt ssl installed on my site !
The issue is I want to secure my website using Cloudflare’s SSL not the Let’s Encrypt one, right ?
Actually I want the certificate to look like this one:
What is missing here ? How to fix this and get the Cloudflare’s Full SSL ?
For starters, Full is insecure. You should use Full Strict.
Then, I’d recommend to pause Cloudflare (bottom right), check if the site loads fine on HTTPS and talk to the host, if it does not. Once it loads fine on HTTPS, you can unpause Cloudflare.
So it is currently on Full Strict?
Yes it’s set to Full Strict but I I mentioned earlier I haven’t touched anything on my server just set things in Cloudflare
Cloudflare currently serves the following certificate for film2movie.asia on its proxies
That should work fine. Is there an actual issue when loading your site?
In that case, yes Cloudflare does serve as Let’s Encrypt certificate but that’s perfectly all right, as Cloudflare uses a number of different certificate authorities.
If you are using Full Strict, you actually have a proper setup.
Dear sandro I wish you were right but I’m afraid that this ssl works on old windows 7 and even old android devices, let me check this and I get back to you …
That’s rather a client issue than a server issue.
Anyhow, you can switch the CA with an API call → How to switch from let's encrypt universal edge ssl to DigiCert? - #2 by sandro
It says :
This certificate has expired or not yet valid
even though my time zone and date and time on the system is ok
And the certificate has expired. Just not yours, but the root certificate which gets updated with the operating system. Windows 7 not being supported any more, is now unfortunately left in the dark. You can manually update it or switch the CA.
Thanks for the help, I just have a question:
what is [zone_id] ?
Where should I get this ? is it different for each user ?
It’s the identifier of your domain and you should find it on the Overview screen of your domain settings.
Sorry for another question I just don’t want to ruin anything:
I don’t understand what should I do with this: --data ‘{“certificate_authority”: “digicert”}’
should I just send {“certificate_authority”: “digicert”} via body of request as JSON ?
Like this ?
Correct, that API call takes a JSON object in the request body, and in our case we need to provide the field certificate_authority.
This post was flagged by the community and is temporarily hidden.
This topic was automatically closed 3 days after the last reply. New replies are no longer allowed.
