SSL with origin server now no longer needed


#1

Hi,

I had a seperate webhosting where an origin server certificate was required. I am now moving the website to a host that has shared hosting and visitors will be redirected to a CNAME. How do I remove the origin certificate from Cloudfare so that I can get this working with the shared host provider who also use cloudfare?

Cheers
Aaron


#2

I believe this is all handled by DNS. If they are already using Cloudflare, then you’ll add CNAME records to DNS set to :grey:. No need to :orange: if your CNAME points to a server that’s already behind Cloudflare. In fact, that usually breaks stuff due to double-dipping Cloudflare services.

Cloudflare doesn’t have “origin” certificates. They provide them to install on your own server, if you need. Then Cloudflare has their own Universal SSL certificate on their proxy servers that face the public. If your domain is set to :grey:, then you’re pretty much bypassing all of Cloudflare’s services…except for DNS itself.


#3

Thanks sdayman it could be an issue with this shared host provider as they have a function to enable ssl on your domain when you add it to their system. This is currently not working so I’m trying to figure out if having an origin certificate is whats causing the issue.


#4

If it’s a CNAME, then you won’t be able to mess with SSL at your host provider’s end, including the use of an Origin certificate. A “Cloudflare Origin Certificate” is a self-signed (by Cloudflare) certificate that you can install on your server to enable end-to-end encryption. “Origin” means the webserver your content is hosted on.

I use some CNAME subdomains, such as Uptimerobot, where they let me use a CNAME, such as status.example.com that points to status.uptimerobot.com. They add “status.example.com” to the SSL certificate for status.uptimerobot.com so I can still use SSL for my subdomain.

For your DNS settings here, are you using a CNAME, or an A record for your website?


#5

Ok before it was an A record www.domain.com pointing to my old webserver address. That webserver has an origin certificate setup on it.

Now I’ve set it as a CNAME record to point to the new shared hosting target.clickfunnels.com. The clickfunnels domain setup includes the option to turn on SSL for the domain name and this is the part that is not currently working. Within cloudfare I can’t see any options to remove the origin certificate it shows I have 1 but I have no option to delete it.

Thanks for your help so far.


#6

Oh…Clickfunnels. That’s been a struggle lately. Give these forums a search for Clickfunnels. There are many posts on the topic.