This cloudflare SSL setup is very confusing!


Please help. We have apache2 setup and we are currently trying to setup SSL. According to your instructions, you need to download .pem file. But in the guide, you need to set ssl file which is a .crt file. I can’t find it anywhere, and the site has been down for several days trying this SSL setup. Need urgent advise as we are planning to put all our websites with cloudflare.


There is nothing Cloudflare specific about this. You simply need to setup Apache so that it has a valid certificate and listens on a port with HTTPS enabled.


how will I know it has a valid certificate and it is pointing to the right one?

In Crypto page of Cloudflare > under Origin Certificate > Hosts > it is only giving me a .pem

In the guide:


Your Guide has it right. From your first image, the Origin Certificate is the SSLCertificateFile (.crt). Below that (from the first image) would be the Private Key: SSLCertificateKeyFile (.key)

Cloudflare is only going to show you the Private Key once. If you didn’t copy it, delete it and make a new one. It will regenerate both keys for you.


ok… see pic below:

and the site is still:

I switched to nginx by the way, i thought it was easier.


I am also getting 400 bad request when accessing the site using just the domain name.


Your site isn’t using Cloudflare right now. If you used the Cloudflare origin certificate, that SSL will only work if you’re going through Cloudflare.

The Not Secure could be because of Mixed Content. If you put it back on Cloudflare, it’ll be easier to troubleshoot and get it working.


thanks! @sdayman
I had to update all my posts from http:// to https:// in the database.

Somehow, somewhere, images were served with http:// only.


Looks good! A couple of observations: There a .js resource loading from which uses a Symantec certificate that will become distrusted later this year. I also see the favicon is trying to load from on Port 4000.


thank you for noticing that. imma make some changes… thanks!

not sure where to find that .js file though.


That .js file looks to be a Mailchimp function. You might want to contact Mailchimp and ask them about their SSL Certificate at chimpstatic.

closed #12

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.