
Wordpress SSL Cloudflare Authenticated Origin Pull Certificate failed download

Discussion in 'Bug Reports' started by Matt Williams, Jun 13, 2021.

  1. Matt Williams

    Matt Williams WordPress Fanatic

    Trying to get the origin cert. from Cloudflare during the menu option 22 setup and I get this error

    Code:
    --2021-06-12 20:12:50--  https://support.cloudflare.com/hc/en-us/article_attachments/360044928032/origin-pull-ca.pem
    Resolving support.cloudflare.com... 104.18.6.251, 104.18.7.251
    Connecting to support.cloudflare.com|104.18.6.251|:443... connected.
    HTTP request sent, awaiting response... 404 Not Found
    2021-06-12 20:12:50 ERROR 404: Not Found.
    
    I created an origin cert. in Cloudflare which is actually a PEM file.
    Would I just paste the origin certificate from Cloudflare in the origin.crt located at
    on the server then change the Cloudflare SSL setting from Full to Strict?

     
  2. eva2000

    eva2000 Administrator Staff Member

    Hmm looks like download url changed yet again - wish they'd use a persistent URL for the download!

    You don't create that one. Now docs at https://developers.cloudflare.com/ssl/origin-configuration/origin-ca do have confusing terminology as that article actually is discussing 2 types, one custom created Origin Certificates and not the Origin CA certificates setup and that differs from the original CF Origin Pull Certificates mentioned at https://developers.cloudflare.com/ssl/origin-configuration/authenticated-origin-pull in Zone-Level — Cloudflare certificates section

    Also if you copy and paste from that dev doc the cert contents, it ends up formatted incorrectly too


    Code (Text):
    openssl x509 -noout -text < cf-origin-ca.pem
    unable to load certificate
    139894394582928:error:0906D06C:PEM routines:PEM_read_bio:no start line:pem_lib.c:707:Expecting: TRUSTED CERTIFICATE

    The doc title should really be Managing Origin certificates minus Cloudflare CA term to differentiate it from the original CF Origin Pull CA certificate at https://developers.cloudflare.com/ssl/origin-configuration/authenticated-origin-pull in Zone-Level — Cloudflare certificates section.

    For now, you can download to /usr/local/nginx/conf/ssl/cloudflare/mydomain.com the temp created URL I did for CF Origin Pull CA certificate with the correct format at https://gist.githubusercontent.com/centminmod/020e3580eb03f1c36ced83b94fe4e1c5/raw/origin.crt

    Change mydomain.com to your domain name for Centmin Mod Nginx vhost
    Code (Text):
    domain=mydomain.com
    # Save the CF Origin Pull CA certificate into this vhost's cloudflare directory
    wget -O "/usr/local/nginx/conf/ssl/cloudflare/${domain}/origin.crt" https://gist.githubusercontent.com/centminmod/020e3580eb03f1c36ced83b94fe4e1c5/raw/origin.crt
     
  3. Matt Williams

    Matt Williams WordPress Fanatic

    Works like a charm now! Thank you @eva2000 !!!!
     
  4. eva2000

    eva2000 Administrator Staff Member

    Thanks for reporting the bug. I've updated Centmin Mod 123.09beta01 with the temp URL fix for now so running cmupdate should update folk's installs :)
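
The thread shows two ways a bad file can end up as origin.crt: a download URL that returns 404, and a pasted certificate that openssl cannot parse. The script below is an added example, not part of the posts or of Centmin Mod; it vets a downloaded PEM before it replaces the existing file. The function names are hypothetical, and the expected SHA-256 fingerprint is an assumption: a value you obtain yourself from the certificate's publisher.

```shell
#!/usr/bin/env bash
# Added example (not Centmin Mod code): vet a downloaded CA PEM before it
# replaces the origin.crt that Nginx trusts for origin-pull client certificates.

# check_ca_pem FILE [SHA256_FINGERPRINT]
# Succeeds only if FILE parses as an unexpired X.509 certificate and, when a
# fingerprint is given (openssl's colon-separated hex form, obtained out of
# band from the publisher), matches it.
check_ca_pem() {
  local file=$1 expected=${2:-} fp
  # A saved 404 page or a PEM with mangled line breaks fails to parse here.
  openssl x509 -in "$file" -noout 2>/dev/null ||
    { echo "not a PEM certificate: $file" >&2; return 1; }
  openssl x509 -in "$file" -noout -checkend 0 >/dev/null 2>&1 ||
    { echo "certificate has expired: $file" >&2; return 1; }
  if [ -n "$expected" ]; then
    fp=$(openssl x509 -in "$file" -noout -fingerprint -sha256 | cut -d= -f2)
    [ "$fp" = "$expected" ] ||
      { echo "fingerprint mismatch: got $fp" >&2; return 1; }
  fi
}

# install_ca_pem CANDIDATE DEST [SHA256_FINGERPRINT]
# Moves CANDIDATE over DEST only after it passes check_ca_pem; on failure the
# candidate is deleted and an existing DEST is left untouched.
install_ca_pem() {
  local candidate=$1 dest=$2 expected=${3:-}
  if check_ca_pem "$candidate" "$expected"; then
    chmod 644 "$candidate" && mv -f "$candidate" "$dest"
  else
    rm -f "$candidate"
    return 1
  fi
}

# fetch_ca_pem URL DEST [SHA256_FINGERPRINT]
# Downloads to a temp file beside DEST so that a failed request never
# truncates DEST (plain "wget -O DEST" does, even on a 404).
fetch_ca_pem() {
  local url=$1 dest=$2 expected=${3:-} tmp
  tmp=$(mktemp "$dest.XXXXXX") || return 1
  wget -q -O "$tmp" "$url" || { rm -f "$tmp"; return 1; }
  install_ca_pem "$tmp" "$dest" "$expected"
}

# Usage (URL and fingerprint are placeholders you supply):
#   fetch_ca_pem "$url" "/usr/local/nginx/conf/ssl/cloudflare/$domain/origin.crt" "$fp"
```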