Stuck on ORIGIN SSL Cert - Ubuntu 22.04 - AWS EC2

Hail folks, I am a sort of new user here on Cloudflare, and I am trying out features, performance and services. Last night I spent a couple of hours stuck on the long-lifetime SSL. I’ve already used CERTBOT with Cloudflare, but I’d like to try doing it through the dashboard to get a 15yrs cert. I followed all the steps: I put my domain on Cloudflare, waited for it to fully propagate, and created the “Origin Server” certificate. I copied and pasted the Origin hash content into a file on my Linux server as and the private key as, and I also downloaded the CA file and stored it in the same directory, /etc/Cloudflare/. Then I made my own vhost config file as below, but it shows an unsafe/unrecognized cert (that red warning when the cert doesn’t match the domain). For now I am stuck on this one and need some community help to sort it out:

<IfModule mod_ssl.c>
<VirtualHost *:443>
        SSLEngine on
        ServerAlias *
        ServerAdmin webmaster@localhost
        DocumentRoot /var/www/html/my_site_folder/

        SSLCertificateFile  /etc/cloudflare/
        SSLCertificateKeyFile /etc/cloudflare/my_site_origin.key
        SSLCACertificateFile /etc/cloudflare/origin_ca_rsa_root.pem
        ErrorLog ${APACHE_LOG_DIR}/mysite-error.log
        CustomLog ${APACHE_LOG_DIR}/mysite-access.log combined
</VirtualHost>
</IfModule>

Origin certificates will always throw an error in your browser, as they are not publicly trusted. Make sure your encryption mode is Full Strict and your DNS entry is proxied.


It has to be Full Strict. Full is insecure.


Ty Bro, I just forgot to mention it: I am already using FULL (STRICT) and it is proxied; the cloud is showing orange on DNS settings.

What’s the domain?

Actually I am not sure if it is solved, cuz now I have the SSL working properly, but it shows an expiry date in 2 months, not in 15yrs as I had chosen. Domain is: (it is just a template), I will upload the correct content after solving it all (my wife’s website).

That expiry date is about the proxy certificate, not your server certificate. The former is managed by Cloudflare.

Your site is loading fine and if you are on Full Strict, then your configuration is correct.


Yep, I am sure that is “Full Strict mode”. Ah ok then! Thank you so much for your attention and support. Kind regards.
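
The replies above point out that the browser only ever sees Cloudflare's edge certificate, so the 15-year origin certificate has to be checked on the server itself. The following is an added example, not part of the original thread: it uses openssl to confirm that a certificate matches its key, chains to the CA file, and reports the expiry of the file on disk. The file names and the throwaway CA are constructed stand-ins for the real Origin CA files.

```shell
#!/usr/bin/env bash
# Added example. Function names and all demo files are constructed.

# check_origin_pair CERT KEY CA
# returns 0 = ok, 1 = key does not match cert, 2 = cert not issued by CA
check_origin_pair() {
    cert=$1; key=$2; ca=$3
    # The public key inside the certificate must equal the one derived from
    # the private key; mod_ssl fails at startup when they differ.
    cert_pub=$(openssl x509 -in "$cert" -noout -pubkey | openssl sha256)
    key_pub=$(openssl pkey -in "$key" -pubout | openssl sha256)
    [ "$cert_pub" = "$key_pub" ] || return 1
    # In Full (strict) mode the origin certificate is validated against a
    # trusted CA; here that is the CA file stored next to the certificate.
    openssl verify -CAfile "$ca" "$cert" >/dev/null 2>&1 || return 2
    return 0
}

# origin_expiry CERT: print the notAfter date of the certificate on disk.
# This is the origin's lifetime, not the edge certificate the browser shows.
origin_expiry() {
    openssl x509 -in "$1" -noout -enddate | cut -d= -f2
}

# make_demo_pki DIR DAYS: constructed throwaway CA, leaf cert and a stray key
make_demo_pki() {
    d=$1; days=$2
    openssl req -x509 -newkey rsa:2048 -nodes -days "$days" \
        -subj "/CN=Demo Origin CA" -keyout "$d/ca.key" -out "$d/ca.pem" 2>/dev/null
    openssl req -newkey rsa:2048 -nodes -subj "/CN=example.test" \
        -keyout "$d/origin.key" -out "$d/origin.csr" 2>/dev/null
    openssl x509 -req -in "$d/origin.csr" -CA "$d/ca.pem" -CAkey "$d/ca.key" \
        -CAcreateserial -days "$days" -out "$d/origin.pem" 2>/dev/null
    openssl genpkey -algorithm RSA -pkeyopt rsa_keygen_bits:2048 \
        -out "$d/other.key" 2>/dev/null
}

# Demo run on the constructed files (5475 days is roughly 15 years).
demo_dir=$(mktemp -d)
make_demo_pki "$demo_dir" 5475
if check_origin_pair "$demo_dir/origin.pem" "$demo_dir/origin.key" "$demo_dir/ca.pem"; then
    echo "pair ok, origin cert expires: $(origin_expiry "$demo_dir/origin.pem")"
fi
```

On a real server, pass the paths from the `SSLCertificateFile`, `SSLCertificateKeyFile` and `SSLCACertificateFile` directives to `check_origin_pair` instead of the demo files.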
