What is the best practice (from a security standpoint) for setting up SSL between Cloudflare and ServerPilot? I have a domain on a “Pro Website” account and my SSL/TLS encryption mode is set to “Flexible”.
On ServerPilot I have the option to enable AutoSSL, or add a custom SSL certificate.
Thank you in advance!
Behind Cloudflare, I recall I had trouble with AutoSSL at ServerPilot, so I added a custom SSL certificate. And then definitely use Full (Strict) mode here.
Thanks @sdayman. So I’ve made the following changes but I’m still struggling:
- Cloudflare: changed SSL mode to “Full (strict)”
- Cloudflare: disabled “Universal SSL”
- Cloudflare: changed “Proxy status” to “DNS only”
- Cloudflare: generated a new Origin Certificate
- ServerPilot: disabled AutoSSL, disabled “Redirect to HTTPS”
- ServerPilot: installed certificate on the app
The domain is now resolving but I receive the “Warning: Potential Security Risk” error with “Error code: SEC_ERROR_UNKNOWN_ISSUER” in Firefox and “NET::ERR_CERT_AUTHORITY_INVALID” in Chrome.
If I run the domain through SSL Checker I get green ticks for everything with the exception of the following:
"The certificate is not trusted in all web browsers. You may need to install an Intermediate/chain certificate to link it to a trusted root certificate. The fastest way to fix this problem is to contact your SSL provider.
Common name: CloudFlare Origin Certificate
SANs: *.virtualchoir6.com, virtualchoir6.com
Organization: CloudFlare, Inc. Org. Unit: CloudFlare Origin CA
Valid from April 16, 2020 to April 13, 2035
Serial Number: 599c5890c6e9144655c0008d95ee1e8607c4315d
Signature Algorithm: sha256WithRSAEncryption
Issuer: CloudFlare, Inc."
You’ll need to turn this back on for Cloudflare to proxy your site as HTTPS.
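Why browsers reject the certificate in this thread once the record is "DNS only", as an added example that is not from any poster here: a Cloudflare Origin CA certificate is accepted by Cloudflare's proxy in Full (strict) mode, but its issuer is not in browser trust stores. The script assumes the `openssl` CLI is installed and uses a constructed private CA and the placeholder hostname `example.test` as stand-ins for the real Origin CA and domain.

```shell
#!/usr/bin/env bash
# Added illustration. The CA and leaf below are constructed locally;
# they only play the role of an origin-only CA and its certificate.
set -u

# Build a throwaway private CA and a leaf certificate signed by it.
make_demo_pki() {
  local dir=$1
  printf '[req]\ndistinguished_name=dn\n[dn]\n[ca]\nbasicConstraints=critical,CA:TRUE\n' \
    > "$dir/cnf"
  openssl req -x509 -newkey rsa:2048 -nodes -days 30 -config "$dir/cnf" \
    -extensions ca -subj "/O=Demo Origin CA (constructed)" \
    -keyout "$dir/ca.key" -out "$dir/ca.pem" 2>/dev/null || return 1
  openssl req -newkey rsa:2048 -nodes -config "$dir/cnf" \
    -subj "/CN=example.test" \
    -keyout "$dir/leaf.key" -out "$dir/leaf.csr" 2>/dev/null || return 1
  openssl x509 -req -in "$dir/leaf.csr" -CA "$dir/ca.pem" -CAkey "$dir/ca.key" \
    -CAcreateserial -days 30 -out "$dir/leaf.pem" 2>/dev/null
}

# Visitor connecting straight to the origin ("DNS only"):
# only the system's public roots are available to build a chain.
browser_trusts() {
  openssl verify "$1" 2>/dev/null | grep -q ': OK$'
}

# Proxy in Full (strict): the verifier explicitly trusts the issuing CA.
edge_trusts() {
  openssl verify -CAfile "$1" "$2" 2>/dev/null | grep -q ': OK$'
}

# Run both checks against the same leaf and report each verdict.
demo() {
  local dir b=rejected e=rejected
  dir=$(mktemp -d) || return 1
  make_demo_pki "$dir" || { rm -rf "$dir"; return 1; }
  browser_trusts "$dir/leaf.pem" && b=accepted
  edge_trusts "$dir/ca.pem" "$dir/leaf.pem" && e=accepted
  rm -rf "$dir"
  echo "direct-browser=$b proxied-edge=$e"
}

demo
```

The same leaf fails chain building against public roots and passes when the issuing CA is trusted explicitly, which matches the SEC_ERROR_UNKNOWN_ISSUER and NET::ERR_CERT_AUTHORITY_INVALID errors reported above.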