In the year 2024, there can be only one reason for not using SSL everywhere – laziness. Laziness has sabotaged the migration of my blog from an overpriced shared vps to AWS. But this time, when the cert expired and Cloudflare stopped routing traffic, the SRE inside me have had it enough with the downtime. While still in bed, I started clickops-ing this cert to be SSLlabs poster child.
I soon found out that since I do not use the hosting provider as my domain registrar, my site is not eligible for a proper free certificate, and all they can offer are self-signed certificate. Cloudflare’s Full (strict) SSL validation test requires a valid SSL certificate on the origin server for end-to-end encryption. Since there is no root(admin access) on a shared vps server, you cannot install certbot and Letsencrypt yourself out of this.
Luckily generating an Origin Certificate from Cloudflare is easy even with clickops! They provide a validated path between Cloudflare and the origin server without the need for a publicly trusted certificate on the origin.
Generating a Cloudflare Origin Certificate
- Log into your Cloudflare dashboard.
- Navigate to the SSL/TLS section and select the Origin Server tab.
- Click on Create Certificate. For most users, the default settings provided by Cloudflare will suffice. These include a wildcard certificate that covers your domain and any subdomains.
- When prompted, choose the validity period for your certificate. Cloudflare allows you to select a duration of up to 15 years, providing long-term coverage.
- Cloudflare will generate a private key and a certificate. Copy both, as you will need them for the next steps.
Step 2: Importing the Certificate through cPanel
- Log into your cPanel account on your hosting provider
- Scroll down to the Security section and click on SSL/TLS.
- Under the SSL/TLS section, find and click on Manage SSL sites under the Install and Manage SSL for your site (HTTPS) menu.
- Select the domain you’re installing the certificate for from the drop-down menu.
- In the fields provided, paste the certificate and private key that you copied from Cloudflare.
- Click on Install Certificate. This process installs the Cloudflare Origin Certificate on your InMotion Hosting server, enabling it to pass Cloudflare’s Full (strict) SSL verification.
Step 3: Verifying the Installation
- Once the installation is complete, it’s crucial to verify that everything is working as intended.
- You can use SSL verification tools like SSLLabs to test your site’s SSL status.
- Additionally, check your website’s loading behavior to ensure there are no SSL errors or warnings.
Bonus
Put your SSL/TLS setting on Cloudflare to Full(strict) and select least supported version as TLS 1.3 for the Edge certificate.
Result
After a couple of hours of clicking through cPanel and Cloudflare menu, I finally feel vindicated.
The main reason I wanted to write this down was firstly I strongly detest remembering UI navigation, but sometimes it buys you time while you are automating the process out of your cognitive boundaries. The other reason is I do not want a clickops post to be the stack top of my blog, and will serve as push for migrating off this fleecing vps to the terraformed AWS nirvana.