
SSL Cloudflare Cloudflare certificate set to Full and self signed ssl certificate doesn't work anymore

Discussion in 'Domains, DNS, Email & SSL Certificates' started by pamamolf, Jul 1, 2020 at 9:39 PM.

  1. pamamolf

    pamamolf Premium Member Premium Member

    3,807
    369
    83
    May 31, 2014
    Ratings:
    +711
    Local Time:
    10:05 AM
    Nginx-1.17.x
    MariaDB 10.3.x
    Hello

    In the past I was setting the Cloudflare Certificate option to Full and using the self-signed certificate when I was creating a vhost (menu option 2), and all was OK as I didn't get any warnings.

    Now when I do that I am getting a warning that my certificate is not valid and I must install a certificate like Let's Encrypt to get it to work....

    I do that always, so it's not a big problem, but I think it would be great if it worked as before....

    I tested on two new servers in the past few days and I had the same result.....

    CentOS 7 and latest Centminmod beta...

    Thank you
     
  2. eva2000

    eva2000 Administrator Staff Member

    44,424
    10,144
    113
    May 24, 2014
    Brisbane, Australia
    Ratings:
    +15,692
    Local Time:
    5:05 PM
    Nginx 1.17.x
    MariaDB 5.5/10.x
    Where are you getting the warning? Where is it displayed? It's working fine on all my sites. The only time you would get a warning, I'd imagine, is if the domain/hostname is not orange cloud enabled (CF proxied), i.e. bypassing the CF proxy for DNS-only usage.
     
  3. pamamolf

    In the browser I am getting it, and yes, with orange cloud....
     
  4. eva2000

    What does the SSL Labs test say: SSL Server Test (Powered by Qualys SSL Labs)?

    What's the output for this curl command? Replace domain with your domain name and ip with your Cloudflare public shown domain IP.
    Code (Text):
    domain=yourdomain.com
    ip=your_cf_public_ip_dns_a_record
    curl -Ikv https://$domain --resolve $domain:443:$ip
    

    Example for my forums with the Cloudflare public DNS A record IP:
    Code (Text):
    domain=community.centminmod.com
    ip=104.18.10.170
    curl -Ikv https://$domain --resolve $domain:443:$ip
    * Added community.centminmod.com:443:104.18.10.170 to DNS cache
    * About to connect() to community.centminmod.com port 443 (#0)
    *   Trying 104.18.10.170...
    * Connected to community.centminmod.com (104.18.10.170) port 443 (#0)
    * Initializing NSS with certpath: sql:/etc/pki/nssdb
    * skipping SSL peer certificate verification
    * SSL connection using TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256
    * Server certificate:
    *       subject: CN=centminmod.com,O="Cloudflare, Inc.",L=San Francisco,ST=CA,C=US
    *       start date: Jul 02 00:00:00 2020 GMT
    *       expire date: Jul 02 12:00:00 2021 GMT
    *       common name: centminmod.com
    *       issuer: CN=Cloudflare Inc ECC CA-3,O="Cloudflare, Inc.",C=US
    > HEAD / HTTP/1.1
    > User-Agent: curl/7.29.0
    > Host: community.centminmod.com
    > Accept: */*
    > 
    
     
  5. pamamolf

    Can't test it now :(

    But if it works for you then maybe it was my fault on something :)

    If and when I set up a new domain/server and get the same issue, I will post here again ....

    Thanks
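
The curl check in eva2000's reply can be read mechanically: the issuer line tells you whether the TLS handshake ended at the Cloudflare edge or at the origin's self-signed vhost certificate. The script below is an added example, not part of the original thread or of Centmin Mod; `classify_cert`, `sample_edge` and `sample_origin` are hypothetical names, and the `example.com` sample is constructed.

```bash
#!/usr/bin/env bash
# Added example: classify the certificate reported in `curl -Ikv` verbose output.
# Real use (curl writes -v output to stderr, hence 2>&1):
#   curl -Ikv "https://$domain" --resolve "$domain:443:$ip" 2>&1 | classify_cert

# Reads curl verbose output on stdin; prints one of:
#   cloudflare-edge  issuer names Cloudflare, as in the thread's output
#   self-signed      subject equals issuer: origin vhost cert served directly
#   other-ca         some other issuer (heuristic: says nothing more)
#   no-cert          no subject/issuer lines were found
classify_cert() {
    local line subject="" issuer=""
    while IFS= read -r line; do
        case "$line" in
            \**subject:*) subject=${line#*subject: } ;;
            \**issuer:*)  issuer=${line#*issuer: } ;;
        esac
    done
    if [ -z "$subject" ] || [ -z "$issuer" ]; then
        echo no-cert
    elif [ "$subject" = "$issuer" ]; then
        echo self-signed
    else
        case "$issuer" in
            *Cloudflare*) echo cloudflare-edge ;;
            *)            echo other-ca ;;
        esac
    fi
}

# Certificate lines copied from the curl output posted in the thread.
sample_edge() {
    cat <<'EOF'
* Server certificate:
*       subject: CN=centminmod.com,O="Cloudflare, Inc.",L=San Francisco,ST=CA,C=US
*       common name: centminmod.com
*       issuer: CN=Cloudflare Inc ECC CA-3,O="Cloudflare, Inc.",C=US
EOF
}

# Constructed sample: a self-signed vhost certificate for a placeholder domain.
sample_origin() {
    cat <<'EOF'
* Server certificate:
*  subject: CN=example.com
*  issuer: CN=example.com
EOF
}

echo "edge sample:   $(sample_edge | classify_cert)"
echo "origin sample: $(sample_origin | classify_cert)"
```

A `self-signed` result against the hostname's public IP means the browser is reaching the origin directly, which is the DNS-only case eva2000 suggests as the likely cause of the warning.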