Hi
I am Sudheer, I was created the SSL certs on “Origin Certificates”, after I configured those .key and .pem files in apache2 for my site.
While accessing the webbsites I am getting the error of “connection is not secure”, so it’s not loading with cloudflare SSL.
Please give me the solution ASAP.
Thanks,
Sudheer.K.
May I ask if you have saved and restarted/reloaded Apache web service after modifications?
Furthermore, are the DNS records (hostnames) proxied and set to 
cloud?
I assume you used instructions provided from the below article?:
May I ask what SSL option have you got selected under the SSL/TLS tab at Cloudflare dashboard for your domain ( Flexible, Full, Full Strict … )?
If using Cloudflare Origin CA Certificate, please make sure you’ve selected Full (Strict) SSL:
I restarted the Apache server also and I copied two files one is .pem and .key is that correct?
I am configuring SSL for sub domain demo.olivetech.in
My edge certificate is Let’sencrypt
*.olivetech.in, olivetech.inUniversal
Active
2022-04-04(Managed)
The certificates in the pack listed below are managed and auto-renewed by Cloudflare.
| Certificate | Expiration | |
|---|---|---|
| SHA256 RSA | 2022-04-04(Managed by Cloudflare) |
Certificate Validity Period
3 months
Certificate validation method
TXT
Certificate Authority
Let’s Encrypt
I put Full ( Strict) mode
yeah, I am creating for sub domain of olivetech.in and that’s called - “demo.olivetech.in”
yeah, I am creating for sub domain of olivetech.in and that’s called - “demo.olivetech.in”
In that case, you’re almost all set. Toggle that DNS entry to Proxied and it should work.
If I put proxied also it’s not working and I created the certs in this folder /etc/apache2/ssl and I uploaded these certs .pem and .key is that fine?
Now I am trying for directly primary domain - olivetech.in
<VirtualHost *:80>
ServerName olivetech.in
Redirect “/” “https://olivetech.in/”
DocumentRoot /var/www/html/wordpress
ErrorLog ${APACHE_LOG_DIR}/error.log
CustomLog ${APACHE_LOG_DIR}/access.log combined
<VirtualHost *:443>
ServerAdmin [email protected]
DocumentRoot /var/www/html/wordpress
ServerName olivetech.in
DirectoryIndex index.php index.html
<Directory /var/www/html/wordpress/>
Options Indexes FollowSymLinks
AllowOverride All
Require all granted
ErrorLog ${APACHE_LOG_DIR}/error.log
CustomLog ${APACHE_LOG_DIR}/access.log combined
SSLEngine on
SSLCertificateFile /etc/apache2/ssl/olivetech.in.pem
SSLCertificateKeyFile /etc/apache2/ssl/olivetech.in.key
I am getting this error You may need to install an Intermediate/chain certificate to link it to a trusted root certificate.
I am using free cloudflare account and it’s not a paid account. is that fine?
please help me with proper steps for install SSL.
SSLEngine on
SSLCertificateFile /etc/apache2/ssl/olivetech.in.crt
SSLCertificateKeyFile /etc/apache2/ssl/olivetech.in.key
SSLCertificateChainFile /etc/apache2/ssl/origin_rsa_ca.pem
is that correct?
It looks like the ‘demo’ subdomain is gone, but the apex domain olivetech.in now resolves and has the origin certificate.
Not necessary since Cloudflare trusts that certificate.
“Not working” in what way? Right now it’s not proxied, so I can’t check, other than to see that it has the origin certificate.
You can try adding one from this:
https://developers.cloudflare.com/ssl/origin-configuration/origin-ca#2-install-origin-ca-certificate-on-origin-server
I am really not understanding which certificate we need to add for the domain “olivetech.in”, please give me the steps for that.
I already added the certificate in the point off 4 from the doc.
Some origin web servers require upload of the Cloudflare Origin CA root certificate. Click a link below to download either an RSA and ECC version of the Cloudflare Origin CA root certificate:
I added this certificate - SSLCertificateChainFile /etc/apache2/ssl/origin_rsa_ca.pem
I didn’t enable the Proxy why because of it’s taking the Edgecertificate and that edge certificate is including with the Let’sencrypt.
This topic was automatically closed 15 days after the last reply. New replies are no longer allowed.
