[resolved] ssl error
I tried giving a new ssl or even made cloudflare auto assign me one but it hasn't and idk what to do the old expired cert is stuck on my site.
36 Replies
Update after last night it still wouldn't work and I tried renewing it via using another services but it didn't work and couldn't replace the old one.
What exactly are you seeing/what's the url with the issue?
https://support.maximumstudios.xyz
on the server side I tried doing manual ssl and even try making cloudflare use its ssl from universal ssl certificates but it's not working
Wait it's working now
Ignore that then
I see this:
Oh Nevermind
It's not working
It just worked for minute
That's not related to Cloudflare though. That website/subdomain is unproxied, your origin is serving the expired cert to visitors. Your universal cert doesn't matter as it's not going through Cloudflare, just need to get your origin to renew the certificate
My origin is trying to use cloudflares certificate
I tried removing the old ssl
And everything on the origin
well that's not going to work with your current setup, Cloudflare doesn't give you publicly trusted ssl certs that you can install on your origin
It's currently serving an expired Let's Encrypt cert
I tried removing the expired with a valid one that was issued by another provider
The expired one is just stuck and I tried using cloudflares dns as my main site and few sub domains uses cloudflares ssl
I will reinstall the server and see if that would do the trick
But I won't be able to do it right now.
update I have gotten the new ssl on the server and it tried to overwrite the current ssl certification but it didn't work any help on this?
it has generated a new SSL from Lets encrypt and should I fix somethings on my end*?
it's using A record and it's not using cloudflare proxy
your origin still isn't serving it
what origin software are you using? simple nginx setup? directadmin? cpanel?
I am using a host provider they use jexactyl (mini servers) with reverse proxy I am using node.js as a program language idk much on what they use for the proxy.
they do all the connections automatically
I even used another server and tried it but didn't work.
it's still giving the error message for the lets encrypt even if I take off reverse proxy.
I even used replit as a testing plate and it still gave issues.
if I put it on something else it will work
Their proxy (and not your node.js server) is the one serving the certificate?
they give the options to use the SSL or not I turn off give SSL and I even tried generating a new one using another provider instead and it didn't work.
Let me show you the screenshots on how it looks.
there's two options for it
I can turn both off and my other sub-domains cloudflare used its own ssl
"Cloudflare used its own ssl" is a dangerous statement. While it's true you can have a setup like that User -> Https -> Cloudflare -> http -> backend, it's very insecure and not recommended
If you uncheck let's encrypt it lets you upload your own cert?
Yes
not as upload
but wants me to manually fill it in.
Is there any issue/reason why you aren't using Cloudflare's proxy for this? If not, you can use one of their origin certificates
it doesn't support it due to how jexactyl is programmed as
if you want to upload your private key it doesn't take RSA
I followed some tips online to convert it so it doesn't use RSA
but it didn't do anything really.
what cert are you trying to upload?
zero ssl
they gave a .zip with the stuff that's needed.
I even used the bundle too but didn't work.
Even if you skip past the cert error you just get a bad gateway
the server is active that's confusing.
I can ask the owner to look in the codes for the server to repair it but idk what's up with it.
If your host has an option to use Let's Encrypt certs automatically in their proxy, they would be responsible for renewing them
yea, I'd follow up with them and ask them to look into both issues
for other servers it has renewed for it but not this server.
The only other option that comes to mind is Cloudflare Tunnels https://developers.cloudflare.com/cloudflare-one/connections/connect-networks/get-started/create-remote-tunnel/ if you can install software alongside node.js, the tunnel connects back out to Cloudflare and then proxies requests in. You could then have the tunnel connect insecurely to nodejs. Doesn't require port forwarding, doesn't care about dynamic ips, or nat, etc.
Alright will pass it to the owner.
Got it fixed thanks!