SSL not loding with the Apache webiste

Hi
I am Sudheer, I was created the SSL certs on “Origin Certificates”, after I configured those .key and .pem files in apache2 for my site.

While accessing the webbsites I am getting the error of “connection is not secure”, so it’s not loading with cloudflare SSL.

Please give me the solution ASAP.

Thanks,
Sudheer.K.

May I ask if you have saved and restarted/reloaded Apache web service after modifications?

Furthermore, are the DNS records (hostnames) proxied and set to :orange: cloud?

I assume you used instructions provided from the below article?:

May I ask what SSL option have you got selected under the SSL/TLS tab at Cloudflare dashboard for your domain ( Flexible, Full, Full Strict … )?

If using Cloudflare Origin CA Certificate, please make sure you’ve selected Full (Strict) SSL:

I restarted the Apache server also and I copied two files one is .pem and .key is that correct?

I am configuring SSL for sub domain demo.olivetech.in

My edge certificate is Let’sencrypt
*.olivetech.in, olivetech.inUniversal

Active

2022-04-04(Managed)

Review Universal Certificate for *.olivetech.in, olivetech.in

The certificates in the pack listed below are managed and auto-renewed by Cloudflare.

Certificate Expiration
SHA256 RSA 2022-04-04(Managed by Cloudflare)

Certificate Validity Period

3 months

Certificate validation method

TXT

Certificate Authority

Let’s Encrypt

I put Full ( Strict) mode

olivetech doesn’t have DNS records.

yeah, I am creating for sub domain of olivetech.in and that’s called - “demo.olivetech.in”

yeah, I am creating for sub domain of olivetech.in and that’s called - “demo.olivetech.in”

In that case, you’re almost all set. Toggle that DNS entry to :orange: Proxied and it should work.

If I put proxied also it’s not working and I created the certs in this folder /etc/apache2/ssl and I uploaded these certs .pem and .key is that fine?

Now I am trying for directly primary domain - olivetech.in

<VirtualHost *:80>
ServerName olivetech.in
Redirect “/” “https://olivetech.in/
DocumentRoot /var/www/html/wordpress
ErrorLog ${APACHE_LOG_DIR}/error.log
CustomLog ${APACHE_LOG_DIR}/access.log combined


<VirtualHost *:443>
ServerAdmin [email protected]
DocumentRoot /var/www/html/wordpress
ServerName olivetech.in
DirectoryIndex index.php index.html
<Directory /var/www/html/wordpress/>
Options Indexes FollowSymLinks
AllowOverride All
Require all granted

ErrorLog ${APACHE_LOG_DIR}/error.log
CustomLog ${APACHE_LOG_DIR}/access.log combined

SSLEngine on
SSLCertificateFile /etc/apache2/ssl/olivetech.in.pem
SSLCertificateKeyFile /etc/apache2/ssl/olivetech.in.key

I am getting this error You may need to install an Intermediate/chain certificate to link it to a trusted root certificate.

I am using free cloudflare account and it’s not a paid account. is that fine?
please help me with proper steps for install SSL.


That is my issue.

SSLEngine on
SSLCertificateFile /etc/apache2/ssl/olivetech.in.crt
SSLCertificateKeyFile /etc/apache2/ssl/olivetech.in.key
SSLCertificateChainFile /etc/apache2/ssl/origin_rsa_ca.pem

is that correct?

It looks like the ‘demo’ subdomain is gone, but the apex domain olivetech.in now resolves and has the origin certificate.

Not necessary since Cloudflare trusts that certificate.

“Not working” in what way? Right now it’s not proxied, so I can’t check, other than to see that it has the origin certificate.

You can try adding one from this:
https://developers.cloudflare.com/ssl/origin-configuration/origin-ca#2-install-origin-ca-certificate-on-origin-server

I am really not understanding which certificate we need to add for the domain “olivetech.in”, please give me the steps for that.

I already added the certificate in the point off 4 from the doc.

4. (required for some) Add Cloudflare Origin CA root certificates

Some origin web servers require upload of the Cloudflare Origin CA root certificate. Click a link below to download either an RSA and ECC version of the Cloudflare Origin CA root certificate:

I added this certificate - SSLCertificateChainFile /etc/apache2/ssl/origin_rsa_ca.pem

I didn’t enable the Proxy why because of it’s taking the Edgecertificate and that edge certificate is including with the Let’sencrypt.

This topic was automatically closed 15 days after the last reply. New replies are no longer allowed.