Learn about Centmin Mod LEMP Stack today
Register Now

SSL Cloudflare Weird SSL Cert Behind Cloudflare?

Discussion in 'Domains, DNS, Email & SSL Certificates' started by GASTAN, Jan 7, 2020.

  1. GASTAN

    GASTAN Member

    92
    12
    8
    Jun 28, 2017
    Ratings:
    +18
    Local Time:
    3:31 PM
    I have latest centmin beta installed and my wordpress site, which I did not get SSL cert for has one.
    Which find kind of strange. Strangest is, when I check the cert there is bunch of weird domains on it:
    upload_2020-1-6_16-27-19.png
    I dont understand what is it. Was my server hacked? Is this normal ?
    (I do use Cloudflare for DNS, but that's it)
     
  2. buik

    buik 'The greatest enemy of success is fear' Premium Member

    1,338
    369
    83
    Apr 29, 2016
    Flanders
    Ratings:
    +1,112
    Local Time:
    3:31 PM
    Nothing to worry about.
    Normal behavior, as you are sharing the service with others.

    If you really don't want this. You can obtain your own personal certificate.
    Via your own or by Cloudflare.

    However, I do not know which package you currently use at Cloudflare.

     
  3. eva2000

    eva2000 Administrator Staff Member

    45,974
    10,444
    113
    May 24, 2014
    Brisbane, Australia
    Ratings:
    +16,206
    Local Time:
    12:31 AM
    Nginx 1.19.x
    MariaDB 5.5/10.x
    You're using Cloudflare's free SSL cert which is a shared SSL cert with common names of Cloudflare protected domains included in the SSL cert. If you want your own domain name only then upgrade to paid $5/month dedicated SSL certificate at Cloudflare via the SSL/TLS > Edge Certificates dashboard tab. This forum uses the $5/month dedicated SSL cert :)

    Dedicated Cloudflare SSL Cert covers main domain.com and *.domain.com so is a wildcard SSL certificate :)

    cmm-dedicated-ssl-cert-cloudflare-01.png cmm-dedicated-ssl-cert-cloudflare-02.png
     
  4. GASTAN

    GASTAN Member

    92
    12
    8
    Jun 28, 2017
    Ratings:
    +18
    Local Time:
    3:31 PM
    thx guys.
    I have free CF plan.
    I guess I better go for LetsEncrypt then...
    Or disable SSL.
    problem with WP right now is, if somebody enters to site as https, then contact forms do not work, as they use HTTP urls, which is not allowed from https page
     
  5. eva2000

    eva2000 Administrator Staff Member

    45,974
    10,444
    113
    May 24, 2014
    Brisbane, Australia
    Ratings:
    +16,206
    Local Time:
    12:31 AM
    Nginx 1.19.x
    MariaDB 5.5/10.x
    Then fix the contact form to use HTTPS - ensure Wordpress domain in admin us HTTPS based and there's nothing wrong with using Cloudflare free ssl shared cert.