Cloudflare SSL certificate won't show (❌)

Hi, this is my first time setting up HestiaCP. I’m trying to achieve - Hestia with Cloudflare for a website setup in Google Cloud Platform. I’ve followed these two tutorials:

Now everything is working fine, except the Cloudflare SSL certificate is not showing :frowning: in HestiaCP. I copy-pasted all the commands (mentioned on the BLOG in the description of the above videos), to install HestiaCP, Cloudflare CA & then after rebooting changed port to 2083 and then exited, using the SSH in Google Cloud.
(I would’ve provided the link of the blog explicitly but being a new user on this forum it’s not allowing me to use more than two links).

I copied the Cloudflare certificate and key by creating it from the “Origin server” option in Cloudflare account and pasted in HestiaCP (:gear:settings>configure>ssl). It shows “:heavy_check_mark:changes have been saved”, but when I check SSL it’s empty, nothing’s there, as shown in the image below:

& after refreshing, on the browser’s address bar the lock icon :lock: STILL says the certificate provider is “Let’s Encrypt”. I’ve set the Cloudflare to “Full Strict”.

I’m using HestiaCP so I can have access to files and databases of the WordPress plugins (in case something goes wrong with a plugin and its files and database entries need to be deleted). And I need Cloudflare SSL for its security.
It’s really important for me to set up the website quickly and I’d really appreciate it if someone can help me with this.

take a look at my fix here Error: Let's Encrypt new auth status 429 - #6 by spectre

I tried other ways; NONE worked except this way!

PS. ignore step 1 if you’re not on cloudflare and start from 2 and report status m8

Thanks for replying Spectre! Appreciate it…

No success. Nothing at all. Neither on the subdomain where hestia is installed nor on my site’s domain…
When I added my site’s domain in Hestia and entered Cloudflare certificate, there at least it’s showing that it’s a Cloudflare certificate (not on the browser, just in Hestia; on entering domain url on the browser it still says that the issuer is “Let’s Encrypt”); but in the subdomain where Hestia is installed (the main Admin area of the control panel) there it’s not even showing in Hestia that it’s a Cloudflare certificate, leave aside the browser. It just goes blank after entering Cloudflare certificate (as I originally mentioned in the post), although it shows that the changes are saved successfully!! I don’t know what’s going wrong!! :japanese_goblin:

tried reinstalling hestiacp… but no success… if anyone has any solutions then it’d be a great help.

Do not copy the Cloudflare certificate into the Let’s Encrypt certificate to issue a new one. Just keep CF as it is with no copy-paste process and issue Let’s Encrypt in HestiaCP, remembering to leave the last part empty where it says optional…!

I’ve done the process several times when testing new scripts or software by setting up the fresh HestiaCP all over again and again :slight_smile:

G Luck,

Hey man, I did some more digging about another method to deploy Wordpress and SSL (Cloudflare setup primarily) and found out that Cloudflare’s “Full (Strict)” mode can be used if there’s a certificate already configured on the server, is Unexpired and either issued by a publicly trusted certificate authority (like Let’s Encrypt) or Cloudflare’s Origin CA. I thought the Full (Strict) mode can only be used if it’s Cloudflare’s Origin CA. That’s why I was just so reluctant to use any other SSL certificate other than Cloudflare’s Origin CA. So as you suggested I can totally use Cloudflare’s Full (strict) mode with a Let’s Encrypt certificate installed on Hestia!! :smiley: And there’s no need to copy paste Cloudflare Origin CA certificates, can just use Let’s Encrypt certificate only.

…although I don’t quite understand why the third field (the optional part that you’re saying) needs to be empty…? Can’t I just use the Let’s Encrypt certificate in the default mode?

And lastly it would be a breeze if those Let’s encrypt certificates for the domain (the main website) and the subdomain (on which I installed hestia) can be auto-renewed! So I don’t have to deal with renewing them every time manually.
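Added example, not part of any post in this thread: a Python check that connects to the origin server directly, so the certificate it reports is the one Hestia serves rather than the edge certificate browsers see when the domain is proxied through Cloudflare, and validates it the way Full (Strict) is described above. The IP address, hostname and `origin_ca_root` path are placeholders, and the sample certificate is constructed.

```python
import socket
import ssl
import time

# Constructed sample in the dict shape ssl.SSLSocket.getpeercert() returns.
SAMPLE_CERT = {
    "subject": ((("commonName", "example.com"),),),
    "issuer": ((("countryName", "US"),),
               (("organizationName", "Let's Encrypt"),),
               (("commonName", "R3"),)),
    "notAfter": "Mar 31 00:00:00 2024 GMT",
}
SAMPLE_NOW = ssl.cert_time_to_seconds("Mar  1 00:00:00 2024 GMT")


def summarize(cert, now=None):
    """Issuer organisation and whole days until expiry for a decoded cert."""
    now = time.time() if now is None else now
    issuer = {k: v for rdn in cert["issuer"] for k, v in rdn}
    days = int((ssl.cert_time_to_seconds(cert["notAfter"]) - now) // 86400)
    return {"issuer": issuer.get("organizationName", issuer.get("commonName")),
            "days_left": days, "unexpired": days >= 0}


def check_origin(origin_ip, hostname, port=443, origin_ca_root=None, timeout=5):
    """Handshake with the origin itself and validate its certificate:
    unexpired and chained to a public CA, or to the Cloudflare Origin CA
    root whose PEM file path is passed as origin_ca_root (assumed to have
    been downloaded by the operator)."""
    ctx = ssl.create_default_context()  # system trust store, hostname check on
    if origin_ca_root:
        ctx.load_verify_locations(cafile=origin_ca_root)
    try:
        with socket.create_connection((origin_ip, port), timeout=timeout) as raw:
            with ctx.wrap_socket(raw, server_hostname=hostname) as tls:
                return {"ok": True, **summarize(tls.getpeercert())}
    except ssl.SSLCertVerificationError as exc:
        # e.g. expired, self-signed, or issuer not in the trust store
        return {"ok": False, "reason": exc.verify_message}
    except OSError as exc:  # refused, timed out, handshake aborted
        return {"ok": False, "reason": f"connection failed: {exc}"}


if __name__ == "__main__":
    # 203.0.113.10 is a documentation address; substitute the server's IP.
    print(check_origin("203.0.113.10", "example.com"))
    print(check_origin("203.0.113.10", "example.com", port=2083))  # panel port
```

Running it against port 443 and the panel port separately shows whether the website and the Hestia admin area are serving different certificates.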

I have just tested with a self-signed certificate and it works fine as expected.

If you generate a certificate from Cloudflare

Make sure to follow the instructions here:
https://docs.hestiacp.com/admin_docs/web/ssl_certificates.html#can-i-use-a-cloudflare-origin-ssl-certificate-with-cloudflare


Good to hear you worked it out bro :slight_smile:

We are all learning either easy way or hard way…!

PS. I get stuck installing HestiaCP “Discourse” and have to redo my VPS 3 or 4 times a day :frowning:

Just install the discourse docker image. It works great…


After installing the Cloudflare certificate and all the above processes it was fine, but after some time, approx. 1 day, when I navigate again to my domain in the browser it shows SSL handshake fail error 525; and when I check my Hestia configuration nginx is also stopped, and when I try to restart nginx, I am unable to restart nginx… What goes wrong, I don’t know.