Cloudflare SSL


  • Cloudflare SSL

    Hi

    If you are having issues with Cloudflare SSL, which now allows free SSL, even on all existing Cloudflare accounts, you are best advised as follows:

    If you are an existing Cloudflare user:

    Disable Cloudflare
    Enable Cloudflare

    This will auto-create a Cloudflare free SSL, but can take up to 24 hours (see Cloudflare warning/message). It does appear to take less than 30 minutes on all accounts I have tried so far, though.

    New Cloudflare accounts: SSL is auto-created

    If you have any CAA records created, you first need to delete the CAA record, then complete as above

    You could though, add in Cloudflare CAA records, which are as follows:

    digicert.com
    globalsign.com
    comodoca.com

    so you would need to create 4 CAA records with allow wildcards on the domain (the fourth being Let's Encrypt)

    The last thing which may stop the www. site being viewed is the Cloudflare SSL set as Flexible (default on Cloudflare), so you need to log in to Cloudflare and change the SSL from Flexible to Full or Full strict. Once done, refresh your website in the browser, and it should start to show normally

    I hope that helps a little

    Many thanks

    John
    You can configure CAA records by visiting the DNS tab of your Cloudflare settings - please follow the steps below: Step 1 - Log in to the...
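
Why deleting the CAA record, or adding the Cloudflare CA records, unblocks issuance, shown as an added example that is not part of the original post: a CA may only issue if the domain's CAA set permits it (RFC 8659). The domain `example.com`, the sample records and the `letsencrypt.org` identifier for the fourth CA are assumptions, and the function names are hypothetical.

```python
# Added example: CAA evaluation following RFC 8659. All records are constructed.
KNOWN_TAGS = {"issue", "issuewild", "iodef"}
# The three CA names from the post plus Let's Encrypt's identifier (assumed here).
CLOUDFLARE_CAS = ["digicert.com", "globalsign.com", "comodoca.com", "letsencrypt.org"]


def build_records(domain, cas):
    """One issue and one issuewild record per CA, in zone-file form."""
    return [f'{domain}. IN CAA 0 {tag} "{ca}"'
            for ca in cas for tag in ("issue", "issuewild")]


def parse_caa(line):
    """Parse '<name> IN CAA <flags> <tag> "<value>"' into (flags, tag, issuer)."""
    fields = line.split(None, 5)
    flags, tag = int(fields[3]), fields[4].lower()
    value = fields[5].strip().strip('"')
    issuer = value.split(";", 1)[0].strip().lower()  # drop any ;parameters
    return flags, tag, issuer


def ca_may_issue(zone_lines, ca_domain, wildcard=False):
    """True if the CAA set lets ca_domain issue for the name (or its wildcard)."""
    records = [parse_caa(l) for l in zone_lines if l.strip()]
    # A critical (flag 128) property with an unknown tag blocks issuance.
    if any(flags & 128 and tag not in KNOWN_TAGS for flags, tag, _ in records):
        return False
    issue = [i for _, t, i in records if t == "issue"]
    issuewild = [i for _, t, i in records if t == "issuewild"]
    # Wildcard requests use issuewild when present, otherwise fall back to issue.
    relevant = issuewild if (wildcard and issuewild) else issue
    if not relevant:
        return True  # no applicable property: issuance is unrestricted
    return ca_domain.lower() in relevant  # 'issue ";"' yields "" and matches nobody


if __name__ == "__main__":
    existing = ['example.com. IN CAA 0 issue "letsencrypt.org"']
    combined = build_records("example.com", CLOUDFLARE_CAS)
    print("\n".join(combined))
    for label, rrset in (("existing", existing), ("deleted", []), ("combined", combined)):
        print(label, {ca: ca_may_issue(rrset, ca, wildcard=True) for ca in CLOUDFLARE_CAS})
```

With only the constructed Let's Encrypt record in place, the other three CAs are refused; with the record deleted, or with the combined set published, all four are permitted.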

  • #2
    Great info, but one question: Cloudflare says we need an SSL certificate on the origin server for Full/Full Strict to work well, so should we really use it instead of Flexible?

    Comment


    • #3
      Hi Brad

      Welcome to IW forums

      Yes, you need to create the SSL for the domain in IW-CP, and if using Cloudflare, set to Full/Full strict as you prefer/require.

      The reason for using Cloudflare SSL is so it does not break the domain SSL when browsing, as partial content of the website would be served from the Cloudflare CDN

      Many thanks

      John

      Comment


      • #4
        John-

        I'm having trouble getting this to work.

        I created the RSA private key and CSR in Cloudflare and then logged into my SiteWorx admin and under SSL added the private key and CSR. I left the SSL Certificate and SSL Chain Certificate blank (not installed).
        Then in Cloudflare admin I set SSL to Full strict.
        This didn't work. When I put https://domain.com in the browser it redirects me to another SiteWorx domain on the server that has a Comodo SSL certificate installed. Really odd, but I assume it's because I didn't install/do the Cloudflare SSL properly.


        The instructions you provided above completely lost me at this section:

        You could though, add in Cloudflare CAA records, which are as follows:
        digicert.com
        globalsign.com
        comodoca.com

        so you would need to create 4 CAA records with allow wildcards on the domain (the fourth being Let's Encrypt)

        Where is this done, in Cloudflare or in SiteWorx?

        Thanks

        Comment


        • #5
          Hi simchippy

          Many thanks

          So the SiteWorx domain already exists in Cloudflare.

          Please follow as below as a basic setup for your siteworx domain

          If you have a CAA dns record - delete it

          Disable Cloudflare

          Create your SSL fully from the SiteWorx account (most, I think, would use generate all using Let's Encrypt), so that the SiteWorx account has a proper SSL

          Test the ssl by browsing to the domain using https (if fails, please clear your browser cache)

          Once the siteworx domain has been shown working normally using https, enable cloudflare

          Then go to the cloudflare account in a web browser, and you should see it has now assigned an SSL. You then need to set this to strict

          Allow a few hours and test

          I hope that explains a little more or is easier to understand

          Once you have the above working, you can experiment with CAA DNS records and the additional part to add allowance for Cloudflare

          Many thanks

          John

          Comment


          • #6
            I think the easiest way is to do Full, but not Full Strict. Strict requires a real SSL certificate, which isn't really needed since the end user only sees the Cloudflare certificate anyway. I have not tried it, but you should be able to just create a self-signed SSL from SiteWorx and then use Cloudflare Full.
            [ JUSTIN ]
            [ OFF unit ]
            [ WEB DESIGN / DEVELOPMENT, GRAPHIC DESIGN, OTHER STUFF ]

            Comment


            • #7
              I followed the process and added the records to SiteWorx and then Cloudflare. I think I resolved the certificates.

              It's a WordPress site. If I log in to the WordPress admin page using https://, the SSL works; if I toggle out of the admin, SSL turns off. If I toggle back to admin, SSL remains off unless I type https:// back in. I was getting a redirect loop when using Cloudflare force HTTPS. Tried a few plugins to correct hard-coded links. I'm missing something, but I think it's now the Cloudflare/WP settings.

              Comment


              • #8
                Hi simchippy

                Glad you have resolved the SSL.

                I would turn off CF SSL rewrite and log into WP, go to Settings and turn on https, which should then give you http to https

                I think you're correct, and you have a rewrite loop

                Hopefully justec will also post his thoughts, as he has better knowledge of WP

                Many thanks

                John

                Comment


                • #9
                  Hi simchippy,

                  You can do what John said with CF, or you can just do it on WordPress itself.

                  Go to Settings > General and change both of the URLs listed under WordPress Address (URL) and Site Address (URL) to your URL with the https://

                  If you just want the admin to be in SSL (not recommended, just do the entire site) you can add this to your wp-config.php instead:

                  define('FORCE_SSL_ADMIN', true);
                  [ JUSTIN ]
                  [ OFF unit ]
                  [ WEB DESIGN / DEVELOPMENT, GRAPHIC DESIGN, OTHER STUFF ]

                  Comment
