SSL Not working after following tut

Hello Guys

I have gone through every tutorial, step guide and video and crawled for answers, and I don’t know what else to do now apart from a post here. I have done all the steps correctly, but the website is still not secured in the Firefox browser and Chrome.

Website = pimpmysocials. com
Name Servers = izabella.ns.cloudflare.com & milan.ns.cloudflare.com
SSL/TLS encryption mode is Full
Origin Certificate is set up and installed with Certificate Authority Bundle RSA Root in cPanel
Always Use HTTPS = ON
Automatic HTTPS Rewrites = ON

Issues:
cPanel has a Certificate error “(No Valid Certificate)” - “SELF_SIGNED_CERT_IN_CHAIN”
Firefox Says: Unsafe and to Advance
Chrome Says: NET::ERR_CERT_AUTHORITY_INVALID
New issues: not connecting to the site and getting HTTP ERROR 500

Any help would be welcome

Kind Regards

Now I’m getting redirect loop. Keep redirecting between HTTP and HTTPS.

I guess you can just ignore it, as cPanel does not recognize Cloudflare Origin Certificate as valid certificate - this is only for encryption between Cloudflare and your server.

I guess your DNS is still hitting your server IP address thus you are seeing this.

DNS name servers have been changed to Cloudflare. I don’t have a clue what’s going on now as the site is unreachable, maybe due to what you said, swinging from HTTPS to HTTP in a loop.

Getting SEC_ERROR_REUSED_ISSUER_AND_SERIAL

Can you ping your own website and see what IP address you get? Is your server IP or Cloudflare IP (104.x.x.x)?

I’m getting 104…

Cloud DNS is coming back as a FAIL

Possible DNS forwarding issue.

Is your SSL mode still in Full? Or Off?

If SSL mode is Full, then I can’t really imagine why there’s redirect loop…

Yes, SSL is still in Full. From the ping test I received this… The SOA record for the zone is required to be present in the primary Name Server and is not found. This usually means that the zone file is not setup properly in the primary Name Server host. It may also be due to any of the following reasons.

The Name Server domain is actually not running at all. Start your Name Server domain before running this test again.
The Name Server domain is not reachable from the Internet because there is a firewall or filtering router that is blocking connections to port 53 on this host for both UDP and TCP connections. The firewall configuration must permit connections on this port from any host on the Internet for the DNS to function properly.

Going to start from the beginning and try again…

OK, so after going back and starting again, still facing the same issues: site not reachable, 500 Internal Server Error

Hi @pimpmysocials, if/when you get that 500 error again, or if you can reproduce it, please take a screenshot, as the details on the error page that are mentioned in this tip, Community Tip - Fixing Error 500: Internal Server Error, help determine how to troubleshoot.

In this case, the name servers were confirmed earlier today, several times, but they no longer point to cloudflare. And, it looks like they are pretty confused atm:

$ dig ns pimpmysocials.com +short
ns67.domaincontrol.com.
ns68.domaincontrol.com.

And, there has been a lot of activity: the zone was confirmed, deleted, added, confirmed, deleted several times. And, SSL was toggled to various settings, at a couple of points turned off. That removes the free certificates that were in place and causes the process to restart when SSL is enabled again.

I see your ticket with Support and have added myself to it along with a link to this thread for details. Support won’t be able to tell you much if the zone is not active on cloudflare. If you want to get this active on cloudflare, I think the approach is:

  • add the zone back to cloudflare (it’s not atm)
  • contact the registrar if you’ve not already and ensure name servers are set to cf, verify there are no icann holds on the domain (is this a new domain, btw?)
  • determine your approach to ssl, do you want end-to-end encryption and have a valid cert on your origin, set ssl to Full (strict).

Your server needs a TLS/SSL certificate to be secure. If your host won’t provide a certificate, but will let you install your own, Cloudflare can provide that:

Hello @cloonan
Yes, they were confirmed and working, and the site was working also, BUT without SSL protection even when connected to Cloudflare; that was the first issue. Then the second issue arose: the site had an error 500. After checking both sites and DNS to make sure everything was connected, and doing lookups and ping tests, the result came back as the site not reachable via DNS, but it was reaching Cloudflare DNS in ping, just not pointing to my site or able to grab directory items from what I could see in the inspector tool. I gave it a couple of goes again starting from the beginning and had the same issue every time…

I had to do some HTML/PHP work, so I had no time to play around with it and removed the settings and installed a temp SSL cert until I can get Cloudflare working. I would prefer Cloudflare, to be honest; I just can’t get it working whatsoever.

Kind Regards

SMIB!

Thank you for the detail, the name servers currently don’t point to cloudflare & the site is deleted from your account. Getting the domain working with ssl is a perfect place to start and then you can decide if you want to follow the steps above to add it back to cloudflare.

If you add the zone again and you encounter the error, please take a screen shot and share it here so we can determine if the message came from your origin or from the edge (if so, the screen says cloudflare).

The next steps after that are dependent on figuring out the location of the error. I’ve never seen an edge 500 error, but that does not mean that you have not.

2 Likes
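The two checks used in this thread, the `dig ns … +short` lookup and the "is it a Cloudflare IP" ping test, combined into one triage script (an added example, not part of any post above). The sample inputs are constructed, and the two 104.x ranges are an assumption taken from Cloudflare's published IPv4 list, since a 104.x address on its own does not prove the answer came from Cloudflare.

```shell
# Added example, not from the thread. Assumption: only the two 104.x ranges of
# Cloudflare's published IPv4 list are checked; confirm at cloudflare.com/ips.
CF_104_RANGES="104.16.0.0/13 104.24.0.0/14"
ip_to_int() {                       # dotted quad -> 32-bit integer
  local a b c d
  IFS=. read -r a b c d <<EOF
$1
EOF
  echo $(( (a << 24) | (b << 16) | (c << 8) | d ))
}

in_cidr() {                         # in_cidr IP NET/BITS: exit 0 if IP is inside
  local ip net bits mask
  ip=$(ip_to_int "$1"); net=$(ip_to_int "${2%/*}"); bits=${2#*/}
  mask=$(( (4294967295 << (32 - bits)) & 4294967295 ))
  [ $(( ip & mask )) -eq $(( net & mask )) ]
}

classify_ns() {                     # stdin: output of `dig ns DOMAIN +short`
  local cf=0 other=0 ns
  while IFS= read -r ns || [ -n "$ns" ]; do
    ns=$(printf '%s' "${ns%.}" | tr 'A-Z' 'a-z')   # drop root dot, lowercase
    case "$ns" in
      "") ;;
      *.ns.cloudflare.com) cf=$((cf + 1)) ;;
      *) other=$((other + 1)) ;;
    esac
  done
  if [ "$cf" -gt 0 ] && [ "$other" -gt 0 ]; then echo mixed
  elif [ "$cf" -gt 0 ]; then echo cloudflare
  elif [ "$other" -gt 0 ]; then echo other; else echo none; fi
}

diagnose() {                        # diagnose "NS lines" "A-record IPs"
  local state ip net edge=no
  state=$(printf '%s\n' "$1" | classify_ns)
  for ip in $2; do for net in $CF_104_RANGES; do
    if in_cidr "$ip" "$net"; then edge=yes; fi
  done; done
  case "$state/$edge" in
    cloudflare/yes) echo edge ;;               # browsers get the Cloudflare edge cert
    cloudflare/no)  echo delegated-not-edge ;; # DNS-only record, or a range not checked here
    other/*)        echo not-delegated ;;      # zone is not active on Cloudflare
    *)              echo inconsistent ;;       # mixed or empty NS set
  esac
}

# Constructed sample mirroring the thread's dig output; prints "not-delegated".
diagnose "$(printf 'ns67.domaincontrol.com.\nns68.domaincontrol.com.')" "192.0.2.10"
```

A `not-delegated` result means browsers connect straight to the origin, where a Cloudflare Origin Certificate is not trusted by browsers because it only secures the hop between Cloudflare and the server.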

Tried setting up again today and everything seems connected but still warnings when site is reached.

It looks like you have DNSSEC enabled for this domain, most likely at your domain registrar. Double check that it’s also off at Cloudflare (it probably is off already).

Apparently, I had Domain locking on… what a donut :)

So I have gone and unlocked and I’ll check back in a few hours to see if the transfer has taken place.

2 Likes

Ok, maybe it wasn’t DNSSEC. Hopefully that setting will fix it.

1 Like