stackflow

Reputation: 51

Cloudflare DNS + Netlify CDN // HTTPS not working

I'd like to configure a static website with the following setup.

For a number of reasons, I would prefer to keep the DNS on Cloudflare while using the Netlify CDN, which is working surprisingly well for me.

In order to do this, I set a CNAME entry on Cloudflare's DNS pointing to the Netlify sitename.netlify.com (Cloudflare supports Flatten CNAME at root) and deactivated the CDN in the Cloudflare DNS Control Panel (with the Grey cloud instead of the Orange cloud).

While working perfectly with an unsecured connection, I immediately experienced problems with the HTTPS. When trying to browse https://myparticulardomain.example I get an

ERROR 3019: HTTPS CERTIFICATE COULD NOT BE VALIDATED

I am trying to follow the procedure on Cloudflare where I generate an Origin TLS Certificate and then try to set up a custom SSL certificate on Netlify.

From Netlify Docs:

To install a certificate, you’ll need:

- the certificate itself, in X.509 PEM format (usually a .crt file)
- the private key you used to request the certificate
- a chain of intermediary certificates from your Certificate Authority (CA)

The first two items are fine; I am not sure what the 3rd one is or where to find it on Cloudflare's dashboard. Am I following the right path?

Upvotes: 4

Views: 2734

Answers (2)

HowAboutTau

Reputation: 1

You should never select "Flexible" in Cloudflare. Ever. It requires your origin to be publicly exposed on port 80 with absolutely no security. Don't even do this for static assets.

Netlify lets you "Install a custom certificate" for each domain, requiring a certificate, a key, and an intermediate chain certificate.

Cloudflare lets you create an origin certificate and private key, and you use Cloudflare's Origin CA as the Intermediate Certificate.

Again, never use "Flexible". Take the time to learn how to set up TLS properly; pretty much every provider has a mechanism, and installing a Cloudflare certificate is among the easiest.

Upvotes: 0
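The three items Netlify asks for (certificate, private key, CA chain) can be checked against each other with `openssl` before uploading. The script below is an added example, not part of the original answer; the function names and file names are hypothetical, and the throwaway CA it generates is constructed sample data standing in for the real origin certificate and Origin CA file.

```shell
#!/bin/sh
# Added example: pre-upload checks for a certificate / key / CA-chain triple.
# Function and file names are hypothetical; the CA below is constructed.

key_matches_cert() {  # $1=certificate $2=private key
  cert_pub=$(openssl x509 -in "$1" -noout -pubkey 2>/dev/null) || return 1
  key_pub=$(openssl pkey -in "$2" -pubout 2>/dev/null) || return 1
  [ -n "$cert_pub" ] && [ "$cert_pub" = "$key_pub" ]
}

chain_verifies() {  # $1=certificate $2=PEM file with the CA certificate(s)
  openssl verify -CAfile "$2" "$1" 2>/dev/null | grep -q ': OK$'
}

not_expired() {  # $1=certificate
  openssl x509 -in "$1" -noout -checkend 0 >/dev/null 2>&1
}

check_bundle() {  # $1=cert $2=key $3=chain; returns the number of failed checks
  fails=0
  key_matches_cert "$1" "$2" || { echo "FAIL: key does not match certificate"; fails=$((fails + 1)); }
  chain_verifies "$1" "$3" || { echo "FAIL: certificate does not chain to the supplied CA"; fails=$((fails + 1)); }
  not_expired "$1" || { echo "FAIL: certificate has expired"; fails=$((fails + 1)); }
  return "$fails"
}

make_sample() {  # $1=directory; writes a constructed throwaway CA and leaf
  openssl req -x509 -newkey rsa:2048 -nodes -days 2 -subj "/CN=Constructed Origin CA" \
    -keyout "$1/ca.key" -out "$1/ca.pem" 2>/dev/null
  openssl req -newkey rsa:2048 -nodes -subj "/CN=myparticulardomain.example" \
    -keyout "$1/site.key" -out "$1/site.csr" 2>/dev/null
  openssl x509 -req -in "$1/site.csr" -CA "$1/ca.pem" -CAkey "$1/ca.key" \
    -CAcreateserial -days 1 -out "$1/site.crt" 2>/dev/null
}

# Demo on the constructed files; for real use, pass your own three PEM files.
demo_dir=$(mktemp -d)
make_sample "$demo_dir"
check_bundle "$demo_dir/site.crt" "$demo_dir/site.key" "$demo_dir/ca.pem" \
  && echo "bundle is consistent"
rm -rf "$demo_dir"
```

Cloudflare's Origin CA root is trusted by Cloudflare's edge rather than by browsers, so a bundle that passes these checks is only valid to visitors when the record is proxied through Cloudflare.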

nbari

Reputation: 27005

You could use Cloudflare to handle the certificate for you; first try setting the Flexible option.

If that works, then you could also try the options Full or Full (strict); check this post for more details: https://support.cloudflare.com/hc/en-us/articles/200170416-What-do-the-SSL-options-Off-Flexible-SSL-Full-SSL-Full-SSL-Strict-mean-

Upvotes: 3
