Stuck on ORIGIN SSL Cert - Ubuntu 22.04 - AWS EC2

Hail folks, I am a sort of new user here on Cloudflare, and I am trying out features, performance and services. Last night I spent a couple of hours stuck on the long-lifetime SSL. I’ve already used CERTBOT with Cloudflare, but I’d like to try doing it using the dashboard to get a 15yrs cert. I followed all the steps: I put my domain on Cloudflare, waited for it to fully propagate, and then created an “Origin Server” certificate. I copied and pasted the Origin hash content into a file on my Linux server as my_site.com.pem and the private key as my_site.com.key; I also downloaded the CA file and stored it in the same directory, /etc/Cloudflare/. Then I made my own vhost config file as below, but it shows an unsafe/unrecognized cert (that red warning when the cert doesn’t match the domain). For now, I am stuck on this one and need some community help with it:

<IfModule mod_ssl.c>
<VirtualHost *:443>
        SSLEngine on
        ServerName my_site_origin.com
        ServerAlias my_site_origin.com *.my_site_origin.com
        ServerAdmin webmaster@localhost
        DocumentRoot /var/www/html/my_site_folder/

        SSLCertificateFile  /etc/cloudflare/my_site_origin.com.pem
        SSLCertificateKeyFile /etc/cloudflare/my_site_origin.key
        SSLCACertificateFile /etc/cloudflare/origin_ca_rsa_root.pem
#LOGS:
        ErrorLog ${APACHE_LOG_DIR}/mysite-error.log
        CustomLog ${APACHE_LOG_DIR}/mysite-access.log combined

</VirtualHost>
</IfModule>

Origin certificates will always throw an error in your browser, as they are not publicly trusted. Make sure your encryption mode is Full Strict and your DNS entry is proxied.


It has to be Full Strict. Full is insecure.


Ty Bro, I just forgot to mention it: I am already using FULL (STRICT) and it is proxied; the cloud is showing an orange color in the DNS settings.

What’s the domain?

Actually I am not sure if it is solved, cuz now I have the SSL working properly, but it shows an expiry date in 2 months, not in 15yrs as I had chosen. The domain is: www.anacluadiaabreu.com.br (it is just a template); I will upload the correct content after solving it all (my wife’s website).

That expiry date is about the proxy certificate, not your server certificate. The former is managed by Cloudflare.

Your site is loading fine and if you are on Full Strict, then your configuration is correct.


Yep, I am sure that it is “Full Strict mode”. Ah ok then! Thank you so much for your attention and support. Kind regards.
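
An added example, not part of the original thread: one way to see the two certificates discussed above side by side, the one served through the proxy and the one installed on the origin. The function names, the command-line arguments and the sample certificate values are constructed for illustration; the CA file is assumed to be the Origin CA root the poster saved as /etc/cloudflare/origin_ca_rsa_root.pem.

```python
import socket
import ssl
import sys
from datetime import datetime, timezone

# Constructed samples in the dict shape returned by ssl.SSLSocket.getpeercert().
EDGE_SAMPLE = {"issuer": ((("countryName", "US"),),
                          (("organizationName", "Example Public CA"),)),
               "notAfter": "Mar  1 00:00:00 2025 GMT"}
ORIGIN_SAMPLE = {"issuer": ((("organizationName", "Example Origin CA"),),),
                 "notAfter": "Jan  1 00:00:00 2040 GMT"}
NOW = datetime(2025, 1, 1, tzinfo=timezone.utc)  # fixed clock for the samples

def summarize(cert, now=None):
    """Reduce a getpeercert() dict to issuer organisation, expiry date and days left."""
    now = now or datetime.now(timezone.utc)
    issuer = {k: v for rdn in cert["issuer"] for k, v in rdn}
    expiry = datetime.fromtimestamp(
        ssl.cert_time_to_seconds(cert["notAfter"]), timezone.utc)
    return {"issuer": issuer.get("organizationName", issuer.get("commonName", "?")),
            "not_after": expiry.date().isoformat(),
            "days_left": (expiry - now).days}

def fetch_cert(connect_to, hostname, cafile=None, port=443):
    """Connect to `connect_to`, send `hostname` as SNI, return the verified peer cert.

    cafile=None trusts the system store, which is what a browser-like client uses
    for the proxy certificate. Passing the Origin CA root trusts only that file,
    so the origin certificate verifies even though browsers reject it.
    """
    ctx = ssl.create_default_context(cafile=cafile)
    with socket.create_connection((connect_to, port), timeout=10) as sock:
        with ctx.wrap_socket(sock, server_hostname=hostname) as tls:
            return tls.getpeercert()

if __name__ == "__main__":
    if len(sys.argv) == 4:  # live check: <hostname> <origin-ip> <origin-ca-root.pem>
        host, origin_ip, ca = sys.argv[1:4]
        print("proxy :", summarize(fetch_cert(host, host)))
        print("origin:", summarize(fetch_cert(origin_ip, host, cafile=ca)))
    else:                   # offline: run on the constructed samples
        print("proxy :", summarize(EDGE_SAMPLE, NOW))
        print("origin:", summarize(ORIGIN_SAMPLE, NOW))
```

The live check needs the origin's port 443 to be reachable from where the script runs; the proxy line should show the short-lived, publicly trusted certificate and the origin line the long-lived one.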
