The Community Forums

Interact with an entire community of cPanel & WHM users!
  1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.

Cloudflare cPanel SSL Issue

Discussion in 'Security' started by rseiler, Feb 26, 2017.

Tags:
  1. rseiler

    rseiler Member

    Joined:
    Feb 26, 2017
    Messages:
    7
    Likes Received:
    0
    Trophy Points:
    1
    Location:
    USA
    cPanel Access Level:
    Root Administrator
    Has anyone here had success with this?
    How to install an Origin CA certificate in cPanel

    I've done that more than once (and tried both methods for the CSR). I've also, I think, accounted for everything here:
    Why isn't SSL working for my site?

    But https://mysite.com comes back with a "NET::ERR_CERT_AUTHORITY_INVALID" error, which doesn't make sense when the domain and "www" are "orange clouded" (now, actually, just visually represented by "On") in Cpanel's Cloudflare (DNS) section. Which they are.

    And https://www.mysite.com just goes to the non-SSL version of the site.

    As for the "Crypto" section on Cloudflare, I've tried all of them, including Full and Full (strict). No effect.

    Cpanel: 62.0.15

    Correction: Today, https://www.mysite.com behaves the same way as https://mysite.com.
     
    #1 rseiler, Feb 26, 2017
    Last edited by a moderator: Feb 27, 2017
  2. Jcats

    Jcats Well-Known Member

    Joined:
    May 25, 2011
    Messages:
    588
    Likes Received:
    88
    Trophy Points:
    153
    Location:
    New Jersey
    cPanel Access Level:
    DataCenter Provider
    What is your domain? You can private message me if you don't want it seen by all.
     
  3. rseiler

    rseiler Member

    Joined:
    Feb 26, 2017
    Messages:
    7
    Likes Received:
    0
    Trophy Points:
    1
    Location:
    USA
    cPanel Access Level:
    Root Administrator
    Which is apparently called a "conversation" here, but I see no way of starting one. Can you send one to me?
     
  4. Jcats

    Jcats Well-Known Member

    Joined:
    May 25, 2011
    Messages:
    588
    Likes Received:
    88
    Trophy Points:
    153
    Location:
    New Jersey
    cPanel Access Level:
    DataCenter Provider
    Hmm guess you can't :(

    "You may not start a conversation with the following recipients: rseiler."

    Question, when you go to "Crypto" tab in CloudFlare, does it actually say "Active Certificate". ?

    As far as installing the origin certificate, its very easy, just use CloudFlare's default so click:

    Create certificate - In the popup leave everything as is and click Next

    Then copy the first box Origin Certificate into WHM > Install an SSL certificate > Certificate box

    Then click "autofill by certificate". Change the domain to 'domain.com'

    and below where you pasted the certificate it should say something like:


    Domains:
    • CloudFlare Origin Certificate
    • *.domain.com
    • domain.com

    so it will work on www as well even if you just place in 'domain.com'.

    then copy / paste the Private key from CloudFlare into the second box in WHM > Install an SSL certificate > Private Key:

    You do NOT need an intermediate certificate as the SSL is only going to communicate back with CloudFlare's servers so browser compatibility isn't a worry here.

    In the Crypto tab in CloudFlare, set it to Strict.

    This should be all you need to do.

    If no go here: SSL Checker - SSL Certificate Verify

    and paste the results
     
  5. rseiler

    rseiler Member

    Joined:
    Feb 26, 2017
    Messages:
    7
    Likes Received:
    0
    Trophy Points:
    1
    Location:
    USA
    cPanel Access Level:
    Root Administrator
    It does say Active Certificate, in green. And that Origin certificate is also visible down to the client (Ctrl-Shift-I, Security -- in Chrome, for example), which I'm not sure should be the case normally (I expected it to be more or less a private cert between CF and the origin server and for CF to present some other one to clients).

    The procedure you mentioned sounds like an abbreviated version of what I did in the first link in my top post. If you think that procedure has a flaw (and at this point I'm hoping it does), then I'd be glad to start over again.

    Try PM'g again please, as I found a place in Privacy where receiving them was still off. Still don't see where I can send them from, as that's extremely well hidden.
     
  6. Infopro

    Infopro cPanel Sr. Product Evangelist
    Staff Member

    Joined:
    May 20, 2003
    Messages:
    15,618
    Likes Received:
    296
    Trophy Points:
    433
    Location:
    Pennsylvania
    cPanel Access Level:
    Root Administrator
    Twitter:
    New users with less than 5 posts are not able to have private conversations due to spamming.

    Have you contacted Cloudflare about your issue?
     
  7. rseiler

    rseiler Member

    Joined:
    Feb 26, 2017
    Messages:
    7
    Likes Received:
    0
    Trophy Points:
    1
    Location:
    USA
    cPanel Access Level:
    Root Administrator
    Yes, that's ongoing, but it's a very slow process, and since so much of this ultimately involves cPanel, I suspect in the end that they'll refer me here.
     
  8. Infopro

    Infopro cPanel Sr. Product Evangelist
    Staff Member

    Joined:
    May 20, 2003
    Messages:
    15,618
    Likes Received:
    296
    Trophy Points:
    433
    Location:
    Pennsylvania
    cPanel Access Level:
    Root Administrator
    Twitter:
    I've never heard of Cloudflare being slow to respond to support requests.
     
  9. rseiler

    rseiler Member

    Joined:
    Feb 26, 2017
    Messages:
    7
    Likes Received:
    0
    Trophy Points:
    1
    Location:
    USA
    cPanel Access Level:
    Root Administrator
    Maybe there's a difference with Free users, which understandably they seem to limit to about a 1-day interval.
     
  10. rseiler

    rseiler Member

    Joined:
    Feb 26, 2017
    Messages:
    7
    Likes Received:
    0
    Trophy Points:
    1
    Location:
    USA
    cPanel Access Level:
    Root Administrator
    Forgot to mention that we don't use WHM (or, at least, our provider doesn't provide access), but what you're describing sounds much the same as the Cpanel route taken (SSL icon there), as shown in the first link.

    Yeah, that's what I thought too, but how to explain it reaching all the way to the client?

    Just as soon as the board lets me. Over 5, now. It passes, though, inexplicably.
     
  11. Jcats

    Jcats Well-Known Member

    Joined:
    May 25, 2011
    Messages:
    588
    Likes Received:
    88
    Trophy Points:
    153
    Location:
    New Jersey
    cPanel Access Level:
    DataCenter Provider
    It shows your access level as Root Administrator which usually entails having access to WHM. You may have to rely on CloudFlare support as I can't assist further without seeing where the problem actually is.
     
  12. rseiler

    rseiler Member

    Joined:
    Feb 26, 2017
    Messages:
    7
    Likes Received:
    0
    Trophy Points:
    1
    Location:
    USA
    cPanel Access Level:
    Root Administrator
    It's simply not a feature of our shared hosting plan. If it were, I would have access to it, but either way WHM is not necessary to install the origin cert. I'm in contact with the "hosting partner" now, since at this point I don't think there's anything left to be done in Cpanel or Cloudflare. Universal SSL, which is supposed to be "automatic," is just not getting through to clients, though it does to checkers like sslshopper.com and ssllabs.com. Go figure.
     
Loading...

Share This Page