I’m trying to set up Full (strict) or at least Full encryption mode on a cPanel hosting account proxied through Cloudflare on a free plan.
Initially I tried setting this up using a Let’s Encrypt certificate, which obviously did not work, as by reading some other forum posts I understand Let’s Encrypt certificates are not accepted for Full (strict) encryption mode on free plans.
Now I’m trying to do the same thing using a Cloudflare origin certificate. I have taken these steps so far:
generated the certificate on Cloudflare;
added the Cloudflare-generated private key and certificate in cPanel as for any regular certificate;
installed the certificate for the specified domains (the certificate includes the main domain and the wildcard "*.domain.com");
also added the Cloudflare CA bundle certificate when installing the certificate.
So to my eyes I took all of the required steps.
Now if I choose the Full or Full (strict) encryption modes for this domain in Cloudflare, I get a 502 Bad Gateway error.
If, however, I select the Flexible encryption mode, the website loads just fine. Also, if I select Off, obviously the site loads fine except there’s no secure connection, but I can see that the Cloudflare certificate was installed properly.
Also, using a Let’s Encrypt certificate installed on the server, if I turn off proxying through Cloudflare the website works as expected.
What am I missing? Has anybody else faced this issue and found a solution?
No, no redirects. I only have a simple PHP file in the public folder just to test things out. So I’m keeping things as simple as possible so that it’s easier to debug.
When the hostname is proxied and set to Full (strict) SSL and using the CA origin cert, I get the 502 error and it says that the certificate is valid and its details are:
Common Name (CN)
Organizational Unit (OU)
Thursday, January 6, 2022 at 6:26:23 AM
Wednesday, April 6, 2022 at 7:26:22 AM
But obviously the page is not loading.
I also worked with the hosting provider to solve the issue, but they say there’s no issue with the certificate installation (and I can confirm that by setting encryption to Off) and that on their side there is nothing blocking Cloudflare IPs, which I have to agree with since it works if I set the encryption to Flexible and keep the hostname proxied.
I checked all of the other potential issues from the tutorial you provided. There are plenty of resources available and the IPs are not blocked.
It’s interesting that I have a second domain hosted with the same provider and using a cPanel, Inc. issued certificate, which works fine with Full (strict) encryption. So apparently there’s some issue with the Cloudflare-issued certificate, as if Cloudflare does not trust its own certificate.
By the way, thank you for taking the time to reply.
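An added example, not part of the original posts: a check of two certificate properties mentioned above (which hostnames the main-domain and wildcard entries cover, and the validity dates), run against a certificate dictionary in the shape Python's `ssl.SSLSocket.getpeercert()` returns. The function names, `example.com` and the sample dates are constructed for illustration.

```python
import ssl
from datetime import datetime, timezone

# Constructed sample in the shape of ssl.SSLSocket.getpeercert();
# example.com stands in for the real domain, dates are made up.
SAMPLE_CERT = {
    "subjectAltName": (("DNS", "example.com"), ("DNS", "*.example.com")),
    "notBefore": "Jan  1 00:00:00 2022 GMT",
    "notAfter": "Jan  1 00:00:00 2037 GMT",
}

def san_matches(pattern: str, hostname: str) -> bool:
    """Match one SAN entry; '*' may only replace the whole leftmost label."""
    p = pattern.lower().rstrip(".").split(".")
    h = hostname.lower().rstrip(".").split(".")
    if len(p) != len(h):
        # '*.example.com' covers neither 'example.com' nor 'a.b.example.com'
        return False
    if p[0] == "*":
        # refuse wildcards directly under a TLD such as '*.com'
        return len(p) > 2 and p[1:] == h[1:]
    return p == h

def check_origin_cert(cert: dict, hostname: str, now: datetime) -> list:
    """Return a list of problems; an empty list means both checks passed."""
    problems = []
    sans = [v for k, v in cert.get("subjectAltName", ()) if k == "DNS"]
    if not any(san_matches(s, hostname) for s in sans):
        problems.append(f"no SAN covers {hostname}")
    ts = now.timestamp()
    if ts < ssl.cert_time_to_seconds(cert["notBefore"]):
        problems.append("not yet valid")
    if ts > ssl.cert_time_to_seconds(cert["notAfter"]):
        problems.append("expired")
    return problems

if __name__ == "__main__":
    when = datetime(2022, 2, 1, tzinfo=timezone.utc)
    for name in ("example.com", "www.example.com", "a.b.example.com"):
        print(name, check_origin_cert(SAMPLE_CERT, name, when) or "ok")
```

A certificate listing only the main domain and a one-level wildcard does not cover deeper names such as `a.b.example.com`, which is the case the third hostname exercises.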