I’m running nginx on Windows 10 to reverse proxy Organizr, which serves as a frontend to my htpc services (sonarr, radarr, plex etc).
I have a Google Domain and a Powershell script running once an hour to update my ip with their included DDNS, so visiting mydomain.com drops me on organizr (my nginx root). This was all working fine this morning so I decided to secure it using Cloudflare.
I took the following steps:
Added my domain to my cloudflare account
Created origin certificate and private key with this guide. Saved them in c:/nginx/certs
Added the following to my nginx config and restarted it:
ssl_protocols SSLv3 TLSv1 TLSv1.1 TLSv1.2;
On the Crypto tab of the dashboard I changed SSL to Full.
Now if I try:
The machine’s ip (local network) or mydomain.com (local network or on my phone over LTE) I get 400 Bad Request: The plain HTTP request was sent to HTTPS port.
The machines ip prefaced by https:// I get The certificate is only valid for the following names: *.mydomain.com, mydomain.com Error code: SEC_ERROR_UNKNOWN_ISSUER
https://mydomain.com I get SSL_ERROR_NO_CYPHER_OVERLAP
So #1 I’m not too worried about. I think I can hit the Always use HTTPS toggle in the Crypto section of the Cloudflare dashboard to fix that?
#2 I guess I didn’t add my local ip as a hostname when I generated the certificate. I was able to add an exception in firefox although I get a Connection is not Secure icon in the address bar.
#3 I get the error above. This support page says that it can take up to 24 hours for the cert to verify. I realise I’m using a free service, so I’m ok with that, I’m just wondering if there’s any way to check that I’ve done everything right in the meantime? It would be really annoying to wait until tomorrow, only to find out I’ve done something wrong, update a setting and need to wait another 24 hours to know if I’d fixed it or not.