Using Custom Certificate

Hello, I am trying to use an Origin Server Cloudflare certificate and it is kinda working. The private key and cert itself are valid, but the CA Bundle is totally failing, it says it’s “optional”, but that’s not true. Anyways I got one from CF docs website, it works, but many applications say our website is down and has a self-signed SSL. How would I fix that?

Turn on Cloudflare proxy, doesn’t work if you use them without it.

Hey, I use CF Proxy, turning it off will just put my website at risk, revealing the IP

https://docs.hestiacp.com/admin_docs/web/ssl_certificates.html#can-i-use-a-cloudflare-origin-ssl-certificate-with-cloudflare

Should work fine

Unfortunately that didn’t help, do you need any kind of debugging?

Any response?

Documentation has been used many times by myself and works. Follow the steps or hire somebody…

Ok so 1 is totally done, but how would I do this? Origin CA certificates · Cloudflare SSL/TLS docs

What do you mean? You literally just linked to the directions I would have given you if you had asked that question in the Cloudflare Community.

Actually my bad,

  1. Complete, keys received
  2. The keys are inserted in the HestiaCP settings for the website
  3. Done
  4. The key is inserted in the HestiaCP as it is required

And this is all still resulting in errors. If you need a URL for the website, ask

You need to include:

https://developers.cloudflare.com/ssl/static/origin_ca_rsa_root.pem

As well…

Well include in the intermediate certificate right? I’ve done it

You should not need the Cloudflare Origin CA root certificate. Cloudflare already has it in its trust store, so there is no need to send it in the CA bundle. You don’t want your server to trust certificates issued by that CA, so you don’t want it on your system trust store nor your webserver trusted CA list.

What is the specific error you see and what exactly are you doing that triggers the error?

If you are receiving an untrusted certificate error when you connect directly to your origin server, that is the expected behavior. Cloudflare Origin CA certificates are intended to be trusted by only the Cloudflare proxy.
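
The trust model described in the last reply can be reproduced offline. This is an added example, not part of the original thread: a throwaway private CA stands in for the Cloudflare Origin CA, and the CA name and `origin.example.test` are constructed values. A client using only the default trust store rejects the leaf certificate, while a client that holds the private CA (the role the Cloudflare proxy plays) accepts it.

```shell
#!/bin/sh
# Constructed demo: a throwaway private CA stands in for Cloudflare Origin CA.
# Nothing here contacts Cloudflare or uses its real root certificate.

origin_trust_demo() {
    d=$(mktemp -d) || return 1

    # Minimal config so the CA certificate carries CA:TRUE on any OpenSSL build.
    cat > "$d/ca.cnf" <<'EOF'
[req]
distinguished_name = dn
x509_extensions = v3_ca
prompt = no
[dn]
CN = Constructed Private Origin CA
[v3_ca]
basicConstraints = critical,CA:TRUE
keyUsage = critical,keyCertSign
EOF

    # 1. Private CA that no public trust store knows about.
    openssl req -x509 -config "$d/ca.cnf" -newkey rsa:2048 -nodes \
        -keyout "$d/ca.key" -out "$d/ca.pem" -days 1 >/dev/null 2>&1 || return 1

    # 2. Leaf certificate for the origin web server, signed by that CA.
    openssl req -new -config "$d/ca.cnf" -newkey rsa:2048 -nodes \
        -subj "/CN=origin.example.test" \
        -keyout "$d/leaf.key" -out "$d/leaf.csr" >/dev/null 2>&1 || return 1
    openssl x509 -req -in "$d/leaf.csr" -CA "$d/ca.pem" -CAkey "$d/ca.key" \
        -CAcreateserial -out "$d/leaf.pem" -days 1 >/dev/null 2>&1 || return 1

    # 3. Ordinary client: default trust store only (direct connection to origin).
    if openssl verify "$d/leaf.pem" >/dev/null 2>&1; then
        public=trusted
    else
        public=untrusted
    fi

    # 4. Client that already holds the private CA (the proxy's position).
    if openssl verify -CAfile "$d/ca.pem" "$d/leaf.pem" >/dev/null 2>&1; then
        proxy=trusted
    else
        proxy=untrusted
    fi

    rm -rf "$d"
    echo "public_client=$public proxy_with_ca=$proxy"
}
```

Adding the CA certificate to the server's bundle does not change step 3, because trust is decided by what the client holds, not by what the server sends.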