Using cloudflare whilst already having LetsEncrypt

I’ve tried this a few times now on different domains and each time I’ve ended up falling back on simply using Cloudflares SSL Certs. I’d prefer to use and manage my own certs whilst at the same time getting the benefits that Cloudflare allows me. I’ve spent hours on trying to figure out why even though my domain is in Full Strict mode and my SSL cert issued from LetsEncrypt on my server is valid but when I navigate to https://oombie.com (the domain I’m currently trying to get working) I’m just getting an SSL_ERROR_NO_CYPHER_OVERLAP on Firefox. Logically to me, this makes no sense as I’ve read into Full Strict mode and by all accounts what I’ve set up should… should work.

Any help would be great :+1: :smile:

First of all, you need two certificates anyhow. One on your server (managed by you) and one on Cloudflare (managed by them).

As for your current problem, thats an issue with the Cloudflare certificate. Can you full post a screenshot of your Crypto settings?

Thanks for the reply, from what I know, I don’t have a Cloudflare SSL cert. Although I may be wrong. I’ve attached a screenshot of my whole Crypto screen.

Enable universal SSL at the very bottom of the page. After some time the certificate should be active and you should be good to go.

Will that not void my LetsEncrypt cert coming from my server and in turn just use the cloudflare one?

Cloudflare connects to your server’s TLS/SSL certificate, and visitors connect to Cloudflare’s TLS/SSL certificate. That’s part of the reverse proxy system Cloudflare runs.

1 Like

Thanks, I think I can see where I was going wrong in thinking about how it all works out. You and @sandro been a great help :heart:

1 Like

That is where the two certificates come into play.

1 Like

One step forwards, I’ve gotten past the first error. I’m now getting a Error: 526 stating my servers ssl cert is invalid. I’ve googled why this may be but all the reasons point to my ssl cert being invalid in some way and it isn’t. May this just be a timing thing?

In this case it shouldnt be a timing thing. Do you have the right IP address configured?

You where completely correct. It was an IP mismatch with my nginx server and the ssl cert! :+1: It’s all working now. Thank :smile:

1 Like

Just keep in mind to renew your server certificate whenever it is about to expire. That certificate is not automatically managed by Cloudflare, only the on Cloudflare’s servers.

2 Likes

I use certbot and I’ve got all the cron jobs set up but thanks for the heads up :+1:

1 Like

This topic was automatically closed after 30 days. New replies are no longer allowed.