Setting up Enhance with Cloudflare DNS (SSL Issues)

btraill

Hello all,

I just went through the enhance installation on an Ubuntu 22.04 server hosted on DigitalOcean. Upon attempting to access the setup URL I am receiving "Invalid SSL certificate" from Cloudflare. If I disable the Proxy status on the A record I created -- I can get to the setup page. However, I am then getting that the certificate is not valid/not a trusted authority.

Is there any additional config required to get this working correctly?

Adam

Let's Encrypt can't issue a certificate until the domain is reachable. Ordinarily you would accept the self signed certificate, complete the setup then wait for the auto Let's Encrypt certificate to issue or expedite this by requesting it from the UI. The only reason you wouldn't be able to accept the self signed certificate is if the parent domain has HSTS enabled.

If you want to use the CloudFlare proxy, you can set the SSL mode in Cloudflare to permissive and complete the setup. From there you can request a Let's Encrypt certificate or install the Cloudflare origin certificate and you can then set the SSL mode back to strict. Bear in mind the Cloudflare proxy might interfere with some operations in the panel.

btraill

Adam Thank you for the explanation. Much appreciated.

slimx

I personally do this:

Add website to cloudflare (no proxy)
Enable STRICT SSL settings on CloudFlare
Go to Cloudflare ORIGIN CERTIFICATES > Generate
Add Custom SSL to enhance
Setup CloudFlare API on enhance
Enable proxies on enhance

Works like a charm.

btraill

slimx Thank you, slimx.