Problems with SSL certificate in apache2 on the Ubuntu server

I use Cloudflare services for DNS and SSL certificate, but even after the certificate config the website (www.endeavor.tec.br) remains unsafe.

I configured the certificate on the server this way:

1 - I created a certificate (pem) and a key (crt) in Cloudflare.

2 - I enabled the SSL by the following command:

sudo a2enmod ssl

3 - I created a directory in the origin server and attached both with the names endeavor.tec.br.pem and endeavor.tec.br.crt

4 - I altered the endeavor.tec.br.conf file in the apache directory, changing the VirtualHost to the 443 port and inserting SSL lines as follows:

SSLCertificateFile /etc/cloudflare/endeavor.tec.br.crt
SSLCertificateKeyFile /etc/cloudflare/endeavor.tec.br.key
SSLCertificateChainFile /etc/cloudflare/endeavor.tec.br.crt

The website is accessible so the DNS is working, but remains unsafe. How could I fix it?

Do you see any logs in apache related to using the certificates? My first guess would be you don’t need the SSLCertificateChainFile pointing at the certificate.
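A check for the configuration posted in the question above, as an added example that is not part of the original thread: it reads the SSL directives from one vhost file and reports referenced files that do not exist under the configured name, a chain file that repeats the certificate, a missing `SSLEngine on`, and (when openssl is installed) a certificate and key that do not pair. The function names, the `PROBLEM:` output format and the usage path are assumptions of this example.

```shell
#!/bin/sh
# Added example: lint the TLS directives in one Apache vhost file.
# Usage (path is an assumption): check_vhost_tls /etc/apache2/sites-available/site.conf

# Print the first argument of a directive, skipping commented-out lines.
vhost_directive() {
    awk -v d="$2" 'tolower($1) == tolower(d) { print $2; exit }' "$1"
}

# Print one "PROBLEM: ..." line per finding; return 1 if any were found.
check_vhost_tls() {
    conf=$1
    bad=0
    cert=$(vhost_directive "$conf" SSLCertificateFile)
    key=$(vhost_directive "$conf" SSLCertificateKeyFile)
    chain=$(vhost_directive "$conf" SSLCertificateChainFile)
    engine=$(vhost_directive "$conf" SSLEngine)

    # mod_ssl only serves TLS on a vhost where SSLEngine is on (default: off).
    if [ "$(printf %s "$engine" | tr A-Z a-z)" != on ]; then
        echo "PROBLEM: SSLEngine is not 'on' in $conf"; bad=1
    fi
    # Each referenced file must exist under exactly the configured name.
    for f in "$cert" "$key"; do
        if [ -z "$f" ] || [ ! -r "$f" ]; then
            echo "PROBLEM: missing or unreadable file: '${f:-<unset>}'"; bad=1
        fi
    done
    # The chain file is for intermediates; repeating the leaf adds nothing.
    if [ -n "$chain" ] && [ "$chain" = "$cert" ]; then
        echo "PROBLEM: SSLCertificateChainFile repeats SSLCertificateFile"; bad=1
    fi
    # With both files present, the certificate must carry the key's public half.
    if [ -r "$cert" ] && [ -r "$key" ] && command -v openssl >/dev/null 2>&1; then
        cpub=$(openssl x509 -in "$cert" -noout -pubkey 2>/dev/null)
        kpub=$(openssl pkey -in "$key" -pubout 2>/dev/null)
        if [ -z "$cpub" ] || [ "$cpub" != "$kpub" ]; then
            echo "PROBLEM: $cert and $key are not a matching pair"; bad=1
        fi
    fi
    return "$bad"
}
```

After correcting anything it reports, `sudo apache2ctl configtest` followed by an Apache reload applies the change.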

@Jake1st when I check the access log I didn’t find many things about certificates:

172.68.24.117 - - [14/Nov/2021:14:57:19 +0000] "GET /wp-content/plugins/cookie-law-info/public/css/cookie-law-info-gdpr.css?ver=2.0.6 HTTP/1.1" 200 5279 "http://endeavor.tec.br/" "Mozilla/5.0 (X11; Linux x86_64; rv:93.0) Gecko/20100101 Firefox/93.0"
172.68.24.25 - - [14/Nov/2021:14:57:19 +0000] "GET /wp-content/plugins/wpforms-lite/assets/css/wpforms-full.min.css?ver=1.7.1.1 HTTP/1.1" 200 5767 "http://endeavor.tec.br/" "Mozilla/5.0 (X11; Linux x86_64; rv:93.0) Gecko/20100101 Firefox/93.0"
172.68.25.244 - - [14/Nov/2021:14:57:20 +0000] "GET /wp-content/plugins/cookie-law-info/public/css/cookie-law-info-public.css?ver=2.0.6 HTTP/1.1" 200 1291 "http://endeavor.tec.br/" "Mozilla/5.0 (X11; Linux x86_64; rv:93.0) Gecko/20100101 Firefox/93.0"

except for:

::1 - - [14/Nov/2021:16:05:35 +0000] "OPTIONS * HTTP/1.0" 200 126 "-" "Apache/2.4.29 (Ubuntu) OpenSSL/1.1.1 (internal dummy connection)"

I believe Apache is not using the certificates, and after removing the SSLCertificateChainFile line the website is accessible but still without the certificate.

Set the SSL mode to strict in the Cloudflare dashboard

@cloudcreatr when I set SSL mode to strict, the website becomes inaccessible.

That’s why I believe there is some issue in the server config.

It would be in the error logs of apache. Typically at /var/log/apache2/error.log

@Jake1st I checked the error file and identified only one clear error message about the php script.

[Tue Nov 16 06:25:02.155126 2021] [mpm_prefork:notice] [pid 17542] AH00163: Apache/2.4.29 (Ubuntu) OpenSSL/1.1.1 configured -- resuming normal operations
[Tue Nov 16 06:25:02.155158 2021] [core:notice] [pid 17542] AH00094: Command line: '/usr/sbin/apache2'
[Wed Nov 17 00:36:09.999937 2021] [php7:error] [pid 9840] [client 18.237.199.151:38016] script '/var/www/html/phpinfo.php' not found or unable to stat

I’ll check this phpinfo script and try to figure out the link between it and the SSL problem. Does anyone have any tips?

If you disable Cloudflare for the domain, ie change the orange cloud to a grey cloud and wait around 5 minutes does the issue go away?

Hi, please check this:

I will try:

  1. Make sure your DNS records are set up correctly.

After that, if you can access to your main domain using http, then check the SSL settings,

  1. Remember:

Will work only for a valid SSL.

I recommend this method, Let’s Encrypt works 100% with Cloudflare and strict mode.

thanks.

@Jake1st If you disable Cloudflare for the domain, ie change the orange cloud to a grey cloud and wait around 5 minutes does the issue go away?

How do I do this?

@Deimos_Col That’s what I found strange because the DNS checker for me is working fine…

I’m kinda lost right now

@Deimos_Col I tried with the guide you sent to me, but it still doesn’t work, thanks

For the DNS records, you can turn the proxy setting off and the record will turn from orange to grey.

Turn off: Proxy

Or, turn on development mode.

Or, pause Cloudflare.

Just select one option.