Please forgive me as I’m new to working with VPS hosts.
I’m running CentOS 7.9 with WHM/cPanel. I’m trying to configure authenticated origin pulls with Cloudflare, and force all requests to go through Cloudflare’s network with .htaccess “Require ip xxx.xxx.xxx”. I generated an origin server SSL certificate on Cloudflare and installed it on WHM and cPanel (not sure if I was supposed to only install it on just WHM, or just cPanel, or both). I downloaded the Cloudflare specific CA (authenticated_origin_pull_ca.pem) and put it in /etc/Cloudflare/authenticated_origin_pull_ca.pem. In WHM I added the following to Server Configuration > Apache Configuration > Include Editor > Pre Main Include (Global)
After restarting Apache, I get 502 Bad Gateway. I tried adding the “Require ip XXX.XXX.XXX.XXX” rules to .htaccess and uploaded that to public_html on the cPanel FTP.
In Cloudflare I have SSL/TLS encryption mode set to “Full”, and Authenticated Origin Pulls enabled.
Any ideas on what I’m messing up here? Any help is greatly appreciated.
I think that 502 error means your server was unable to validate Cloudflare’s client certificate. I think that means your server failed to read the
First, make sure the path you specified is correct. In your explanation you have a capital C on Cloudflare but in your config it’s lowercase. Unix filesystems are case-sensitive so make sure that matches, and otherwise that the path is right.
If the path is right–did you do a full restart of Apache or just a config reload? Apache sometimes needs a full restart to pick up a new certificate.
Finally, and probably the correct answer, for the config you pasted in, what context is it in, in your
SSLCACertificateFile directive must be either in the top-level server config, or at the top level of a virtual host config. It cannot be in a <Location> or in an
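An added example, not part of the original thread: a small Python check for the two points raised in the answer above, namely the context in which SSLCACertificateFile appears and whether its path exists with that exact case. The function name and the sample config (including the lowercase path in the Location block) are constructed for illustration.

```python
import os
import re

# Wrappers that do not change the context of the directives inside them.
TRANSPARENT = {"ifmodule", "ifdefine", "ifversion"}
SECTION_TAG = re.compile(r"<\s*(/?)\s*(\w+)")

def check_ca_placement(conf_text, file_exists=os.path.isfile):
    """Report each SSLCACertificateFile with its enclosing context (hypothetical helper)."""
    stack, findings = [], []
    for line_no, raw in enumerate(conf_text.splitlines(), 1):
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        tag = SECTION_TAG.match(line)
        if tag:
            if tag.group(1):            # closing tag such as </Location>
                if stack:
                    stack.pop()
            else:                       # opening tag such as <VirtualHost *:443>
                stack.append(tag.group(2).lower())
            continue
        parts = line.split(None, 1)
        if parts[0].lower() != "sslcacertificatefile" or len(parts) < 2:
            continue
        path = parts[1].strip().strip("\"'")
        scope = [s for s in stack if s not in TRANSPARENT]
        if not scope:
            context = "server config"
        elif scope == ["virtualhost"]:
            context = "virtual host"
        else:
            context = "<%s>" % scope[-1]
        findings.append({
            "line": line_no, "path": path, "context": context,
            "context_ok": context in ("server config", "virtual host"),
            "file_found": file_exists(path),   # case-sensitive on Linux
        })
    return findings

# Constructed sample: one valid placement, one inside <Location> with a lowercase path.
SAMPLE_CONF = """\
SSLVerifyClient require
SSLVerifyDepth 1
<VirtualHost *:443>
    <IfModule ssl_module>
        SSLCACertificateFile /etc/Cloudflare/authenticated_origin_pull_ca.pem
    </IfModule>
    <Location "/">
        SSLCACertificateFile /etc/cloudflare/authenticated_origin_pull_ca.pem
    </Location>
</VirtualHost>
"""
```

Run it against the text of the include file or httpd.conf; any entry with context_ok or file_found set to False points at one of the two causes the answer lists.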
As for the capitalization thing - That was a typo when writing this post. The capitalization is correct in the config files. I tried adding the rules via WHM’s include editor for Apache. I tried Pre Main Include, Pre VirtualHost Include, and Post VirtualHost include. Alternatively, I tried editing /etc/apache2/conf/httpd.conf and adding the rules there. The file/directory is correct because WHM will return an error if the file cannot be found on the server when adding the rules. Finally, yes, I did restart Apache after adding the rules.
Check your server’s error log (probably /var/log/apache2/error.log) at the time the error happens.
From what I can tell, there’s nothing of value in the error.log file. It’s only indicating the shutdowns in between me testing around with the httpd.conf, and rebuilding/restarting Apache. I took a few Cloudflare Ray IDs and tried to look them up in the WAF logs, but none match the logs. I’ve contacted my VPS host, and they have no clue.