HELP with SSL/CERT - Cloudflare Developers (2024)

CD

Cloudflare Developers2d ago

johNN

Hi, i have installed pterodactyl panel and i'm facing some problems related to using an alias ip.

39 Replies

johNN2d ago

For example i have here an web hosting page

johNN2d ago

HELP with SSL/CERT - Cloudflare Developers (1)

johNN2d ago

my alias is "uk.felipefogaca.dev" setup with node alradyalso my node domain is thiswhen trying to connect it

johNN2d ago

goes with SSL protocol error

HELP with SSL/CERT - Cloudflare Developers (2)

johNN2d ago

but if i use the vps ip + port, goes alright

HELP with SSL/CERT - Cloudflare Developers (3)

johNN2d ago

i have only two dns setup, one for panel and one for node

johNN2d ago

HELP with SSL/CERT - Cloudflare Developers (4)

johNN2d ago

both with certificates done in the vps

HELP with SSL/CERT - Cloudflare Developers (5)

johNN2d ago

ps.: the panel and node are installed in the same machineps.: i tried to get some help with ptero members in their discord and they have told me to go cloudflare discord for this

Chaika2d ago

I see this:

HELP with SSL/CERT - Cloudflare Developers (6)

Chaika2d ago

if it's unproxied blurring the IPs is useless as anyone can dns query to get them anywayand also unproxied means CF isn't in the middle/not the issue with sslFor me, the issue I see is that on the uk subdomain it's trying to use the panel certificateoh I didn't specify the port, https://uk.felipefogaca.dev:25569/ I just get connection refusedregardless this would be an issue with your origin since it's unproxied, CF isn't in the middle, double check your configs

johNN2d ago

thank you so much for the responseactually for some reason my panel is with CF in the middleconnected with SSL and everythingbut the node isnt collaborating hahah

Chaika2d ago

the panel subdomain doesn't have proxy enabled/cf in the middlenor ukyou can tell by the "DNS only" proxy status, or from the end user point of view, if you do a dns lookup and see two CF IPs (ex: 104.x,172.x), or look at response headers and look for server: Cloudflare

Chaika2d ago

HELP with SSL/CERT - Cloudflare Developers (7)

Chaika2d ago

possible that you used to have them proxied and just now unproxied and your DNS Cache has you still going to Cloudflare though, if you had them proxied recently

johNN2d ago

ive already flushed my dns cache and still nothing

Chaika2d ago

"still nothing" in what way? What are you looking for?Your origin has an actual misconfiguration and is serving the wrong tls certificate for port 443. For port 25569, it doesn't respond at allIf you're seeing Cloudflare in the middle, clearing dns cache (and switching from your ISP's default resolver, they ignore cache ttl sometimes) could help get that issue out of the way

johNN2d ago

i did a complete reinstall and re-certificate to make sure that isnt that the problemi still got the same problem with the panel installed againive asked for someone that knows pterodactyland he answered me this:"Automatic rewrites that are transforming all requests to https, regardless of the actual destination (TCP Port : 25565) the browser is being sent to HTTPS. Neither 443 or 80 are exposed and no SSL Certificate is being specified."

johNN2d ago

i am using TLS on flexible and doesnt do much

HELP with SSL/CERT - Cloudflare Developers (8)

johNN2d ago

i don't have any rules setup related to the domainjust fresh recent bought domain from CFdns records still the sameall pointed to the VPS

Chaika2d ago

None of those settings in CF matter as long as your dns records are dns-only and not proxiednot automatic https rewrites, not encryption mode, etcYour origin, directly, is serving the wrong certificate for uk, it's serving panelThat is an origin configuration error, in nginx it'd be a misconfiguration of the ssl cert. Not sure what pterodactyl uses but regardless it's something on the origin's end

johNN2d ago

but both got their certs now

Chaika2d ago

That's for 80/443 at least. For the port 22569, it just doesn't respond. Cloudflare proxied wouldn't even work for 25569 because it's not a supported edge port

Chaika2d ago

on 443/https I still see this

HELP with SSL/CERT - Cloudflare Developers (9)

Chaika2d ago

even directly to the IP:25569 I just see this:

HELP with SSL/CERT - Cloudflare Developers (10)

johNN2d ago

http://179.61.226.215:25565/should work likehttp://uk.felipefogaca.dev:25565also they are dockerized

johNN2d ago

message from a friend:

HELP with SSL/CERT - Cloudflare Developers (11)

Chaika2d ago

that's a different port https://discord.com/channels/595317990191398933/1242856081013739620/1242856416121847908above you shared 25569that's 25565

johNN2d ago

yeah because after the panel reinstalli had to create another instance

Chaika2d ago

ah ok, that was certainly some of the confusion. I see this error now

HELP with SSL/CERT - Cloudflare Developers (12)

johNN2d ago

so the panel reallocate another port by automatic

Chaika2d ago

The reason whyhttp://179.61.226.215:25565/ works andhttp://uk.felipefogaca.dev:25565/ doesn't is because all dev domains are forced HTTPS (secure). So you're constantly and forced redirected to https, which won't work with your origin which only supports http/plaintext

johNN2d ago

i didnt know thatdamn

Chaika2d ago

If you use a headless client like Insomnia (a rest api tool) which doesn't respect dev forced https (called hsts preloading), you can see it does actually work on the domain

HELP with SSL/CERT - Cloudflare Developers (13)

Chaika2d ago

but browsers will always force https for all dev domains

johNN2d ago

so technically to fix this errori need to change my domain extension"dev"

Chaika2d ago

no lol, just get a proper ssl certificate like from certbot/let's encrypt for free, and then setup your origin with thatyou already have one for uk do you not? You just need to configure your hastebin setup to use that. You could throw nginx in front and have it reverse proxy your container

johNN2d ago

got it, thank you for your assistance!i didnt know some extensions force ssl by itselfshouldve know that

Chaika2d ago

all the google ones do, forced hsts preloading

Cloudflare DevelopersJoin

Welcome to the official Cloudflare Developers server. Here you can ask for help and stay updated with the latest news

48KMembers

View on Discord

Want results from more Discord servers?

Add your server

More Posts

build status on githubIs there a way to disable CF Pages build status showing in GitHub RepoI am talking about thisnpm login errorIm trying to setup a new pages site and am getting an npm login error. this is not the first site i redirecthello I would like to redirect a domain name to a minecraft server I have configured the SRV and thefunctions/ in deploy directory?It seems that I can only get wrangler to upload Functions when there's a functions/ directory in theRedirecthello I would like to redirect a domain name to a minecraft server I have configured the SRV and thecan't deploy exampleuntil now I've used the github integration, but I wanted to start a mono-repo and created a dummy prGotcha, I guess I can do that. Would theGotcha, I guess I can do that. Would the `cf` object still be stripped when passing the `Request` thFetching assets in Chrome sometimes results in a long "pending" time before transfer startsI have an issue where sometimes (although rarely) my app takes a very long time to load. InvestigatiWhy am I not receiving my password reset Cloudflare email?I've been trying to log into my account for two days. I can log into my account from my work's compuI'm looking for a way to replicate worker wrangler.toml/routes in local dev mode```toml# wrangler.toml# ...routes = [ { pattern = "example.test/api*", zone_name = "example.te

HELP with SSL/CERT - Cloudflare Developers (2024)

FAQs

How to setup an SSL certificate in Cloudflare? ›

To create a client certificate in the Cloudflare dashboard:
  1. Log in to the Cloudflare dashboard Open external link and select your account and application.
  2. Go to SSL > Client Certificates.
  3. Select Create Certificate. ...
  4. For Private key type, select a value.
  5. For Certificate Validity, select a value. ...
  6. Select Create.
Feb 25, 2024

Does Cloudflare provide an SSL certificate? ›

Cloudflare offers free SSL/TLS encryption and was the first company to do so, launching Universal SSL in September 2014. The free version of SSL shares SSL certificates among multiple customer domains. Cloudflare also offers customized SSL certificates for enterprise customers.

How long does it take for SSL certificate to work on Cloudflare? ›

It may take up to 24 hours for the certificate to be fully set up. Until Cloudflare finishes setting up the certificate for your site, you will see SSL warnings when visiting your site using HTTPS. Once the certificate is set up (which should be within 24 hours), the warnings should go away.

How do I update my Cloudflare SSL certificate? ›

To update a certificate in the dashboard:
  1. Log in to the Cloudflare dashboard Open external link and select your account.
  2. Select your application.
  3. Go to SSL/TLS.
  4. In Edge Certificates, locate a custom certificate.
  5. Select the wrench icon and select Replace SSL certificate and key.
May 10, 2024

What certificate authority does Cloudflare use? ›

Cloudflare uses Let's Encrypt, Google Trust Services, Sectigo, and DigiCert.

How to validate Cloudflare SSL certificate? ›

To verify the DCV status of a certificate, either monitor the certificate's status in the dashboard at SSL/TLS > Edge Certificates or use the Verification Status endpoint Open API docs link .

How to generate an SSL certificate? ›

Introduction
  1. Step 1: Install and run OpenSSL. ...
  2. Step 2: Generate the root private key. ...
  3. Step 3: Create a self-signed certificate. ...
  4. Step 4: Install the root certificate on the workstation(s) ...
  5. Step 5: Create a private key. ...
  6. Step 6: Generate the certificate signing request. ...
  7. Step 7: Upload the certificates to your Teramind server.

Why is Cloudflare certificate not trusted? ›

Understanding the Cloudflare Origin Certificate

This certificate, by default, isn't issued by a recognized certificate authority (CA). Therefore, if the certificate's connection chain isn't correctly set up, the “Origin Certificate Not Trusted” error might surface.

How do I know if my SSL certificate is working? ›

To check if SSL certificate is installed, you can use the Certificate Manager tool and check its validity period. Another alternative option is to use the sigcheck Windows Sysinternals utility to verify TLS version. Download the utility and run it with the switch command sigcheck -tv.

Does Cloudflare SSL expire? ›

​​ Universal SSL

For Universal certificates, Cloudflare controls the validity periods and certificate autorities (CAs), making sure that renewal always occur. Universal certificates issued by Let's Encrypt or Google Trust Services have a 90 day validity period.

Why is my SSL certificate taking so long? ›

Occasionally, the issuance may take longer and require up to several days. This is the case when some issue occurs during the issuance or validation. Common issues are: misconfiguration of the domain.

How do I enable Cloudflare SSL certificate? ›

To enable Always Use HTTPS in the dashboard:
  1. Log in to your Cloudflare account Open external link and go to a specific domain.
  2. Go to SSL/TLS > Edge Certificates.
  3. For Always Use HTTPS, switch the toggle to On.
Mar 28, 2024

How do I manually update my SSL certificate? ›

Key Steps to Renew Your SSL Certificate
  1. Generate a new Certificate Signing Request (CSR) from your hosting provider.
  2. Activate your SSL certificate from your hosting dashboard.
  3. Validate your SSL certificate using the generated CSR.
  4. Install your new SSL certificate either manually or via contacting your hosting provider.
Mar 13, 2024

How do I refresh an SSL certificate? ›

STEPS TO RENEW SSL CERTIFICATE
  1. Generate a Certificate Signing Request (CSR)
  2. Select your SSL certificate.
  3. Select the validity (1-year or 2-year)
  4. Fill up all necessary details.
  5. Click on the Continue button.
  6. Review your SSL order.
  7. Make the payment.
  8. Deploy your SSL certificate on the server.

How do I enable SSL on my domain Cloudflare? ›

How to Setup SSL with Cloudflare
  1. Sign up for Cloudflare.
  2. You'll find the Cloudflare name servers for your domain on your Cloudflare Dashboard under Overview. ...
  3. Go to the Cloudflare Dashboard, move to the Crypto section and change SSL to Full.
  4. Scroll down the Crypto page and enable the Always use HTTPS function.
Dec 25, 2023

How do I set SSL to full in Cloudflare? ›

When you set your encryption mode to Full, Cloudflare allows HTTPS connections between your visitor and Cloudflare and makes connections to the origin using the scheme requested by the visitor. If your visitor uses http , then Cloudflare connects to the origin using plaintext HTTP and vice versa.

How to install SSL certificate in cloud? ›

You can find the Classic Certificates tab in the Certificate Manager page linked from the top-level Security page.
  1. Go to the Classic Certificates tab in the Google Cloud console. ...
  2. Click Create SSL certificate.
  3. Enter a name and an optional description for the certificate.
  4. Select Create Google-managed certificate.

How to create an SSL certificate for a subdomain in Cloudflare? ›

Set up an SSL certificate for a domain or subdomain managed by CloudFlare
  1. Log in to your CloudFlare account.
  2. Click on your domain name.
  3. On the domain Details page, click on SSL/TLS:
  4. The Crypto settings page will open.
  5. Click on the Overview tab and select Full or Full (strict) on the right.
  6. Click on the Origin Server tab.
Apr 19, 2022

Top Articles
Latest Posts
Recommended Articles
Article information

Author: Rev. Leonie Wyman

Last Updated:

Views: 5982

Rating: 4.9 / 5 (59 voted)

Reviews: 82% of readers found this page helpful

Author information

Name: Rev. Leonie Wyman

Birthday: 1993-07-01

Address: Suite 763 6272 Lang Bypass, New Xochitlport, VT 72704-3308

Phone: +22014484519944

Job: Banking Officer

Hobby: Sailing, Gaming, Basketball, Calligraphy, Mycology, Astronomy, Juggling

Introduction: My name is Rev. Leonie Wyman, I am a colorful, tasty, splendid, fair, witty, gorgeous, splendid person who loves writing and wants to share my knowledge and understanding with you.