Issue Cloudflare Origin SSL certificates does work and protect

cpulove

New Pleskian
Server operating system version
Debian 12
Plesk version and microupdate number
Plesk Obsidian 18.0.64 Update 1
I still have the problem that Plesk does not take my signed origin Cloudflare SSL certificate.
I strictly followed the how-to guide from Cloudflare for creating the certificate and integrating it in Plesk, but uploading the certificate and binding it to the domain via the Hosting SSL/TLS setting does not bring up a working certificate. The SSL/TLS certificate is always shown as not protecting the site.
Not sure where the problem is; I ask for help and another opinion.

I basically do the same as here in the description.
The private key and both certificates are copied from Cloudflare and uploaded as a certificate in Plesk.

Any help on how I could get a working Cloudflare origin certificate in Plesk? Am I missing some important steps?
Other SSL certificates, like Google and Let's Encrypt, are working flawlessly.

 
I am still struggling! I was now able to install an origin Cloudflare certificate, which shows up as valid and protecting in Plesk!

But my domain's SSL is still not working with the Cloudflare Origin Server Certificate and proxied DNS records. If the DNS records are not proxied, I can see that the Origin Server Certificate gets loaded, but not trusted, which should be normal, as this only works with enabled proxy DNS.

As soon as I enable the DNS proxies, I get an instant ERR_SSL_VERSION_OR_CIPHER_MISMATCH.
Also, an SSL Labs scan is no longer possible and returns "Failed to communicate with the secure server".
I can ping the domain and get the Cloudflare IPv4 and IPv6 back, but website content will not load at all, as the ERR_SSL_VERSION_OR_CIPHER_MISMATCH is present.

What I did: I paused Cloudflare a couple of times, for more than 24h now, as this should solve this issue and is the only answer I got so far, but this doesn't fix it. SSL/TLS is of course set to Full (strict) as mentioned in the SSL documentation on Cloudflare. Also to mention that my DNSSEC Authentication Chain is without any error!


My Origin Server Certificate is uploaded correctly to my webserver (Plesk), with the PRIVATE KEY, the CERTIFICATE and the *-ca.crt (downloaded from Cloudflare).

All traffic is redirected to HTTPS (via Plesk and Cloudflare). No edge certificates are active (Universal SSL is off), as I want to use only Cloudflare's Origin SSL. DNS for my mail still runs over a non-proxied DNS entry, which works flawlessly!

And I also would like to mention just for reference, that I am on Plesk Obsidian (latest version) with OpenSSL 3.0.15 3 Sep 2024 (Library: OpenSSL 3.0.15 3 Sep 2024).
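
Added example, not part of the original post: a shell check that the three PEM files described above (private key, certificate, CA file) belong together before they are uploaded to Plesk. It assumes the `openssl` CLI is installed; the function names, the return codes and the throwaway CA generated as test data are constructed for illustration and are not Cloudflare material.

```shell
#!/bin/sh
# Print the public key (PEM SubjectPublicKeyInfo) of a private key or a certificate.
pubkey_of_key()  { openssl pkey -in "$1" -pubout 2>/dev/null; }
pubkey_of_cert() { openssl x509 -in "$1" -noout -pubkey 2>/dev/null; }

# check_origin_bundle KEY CERT CA
# returns 0 = consistent, 1 = a file is missing or unparsable,
#         2 = private key does not belong to the certificate,
#         3 = certificate does not chain to the CA file
check_origin_bundle() {
    key_pub=$(pubkey_of_key "$1")   || return 1
    cert_pub=$(pubkey_of_cert "$2") || return 1
    [ -n "$key_pub" ] && [ -n "$cert_pub" ] || return 1
    [ "$key_pub" = "$cert_pub" ] || return 2
    openssl verify -CAfile "$3" "$2" >/dev/null 2>&1 || return 3
    return 0
}

# make_constructed_bundle DIR: constructed test data only. Builds a throwaway CA,
# a leaf certificate signed by it, and an unrelated private key inside DIR.
make_constructed_bundle() {
    d=$1
    openssl req -x509 -newkey rsa:2048 -nodes -days 1 \
        -subj "/CN=Constructed Test CA" \
        -keyout "$d/ca.key" -out "$d/ca.crt" 2>/dev/null &&
    openssl req -newkey rsa:2048 -nodes -subj "/CN=origin.example.test" \
        -keyout "$d/leaf.key" -out "$d/leaf.csr" 2>/dev/null &&
    openssl x509 -req -in "$d/leaf.csr" -CA "$d/ca.crt" -CAkey "$d/ca.key" \
        -CAcreateserial -days 1 -out "$d/leaf.crt" 2>/dev/null &&
    openssl genrsa -out "$d/other.key" 2048 2>/dev/null
}

# When called with three file arguments, check those files and report the code.
if [ "$#" -eq 3 ]; then
    rc=0
    check_origin_bundle "$1" "$2" "$3" || rc=$?
    echo "check_origin_bundle result: $rc"
fi
```

A result of 0 only shows that the files are consistent with each other on the origin; it says nothing about the certificate that the proxy presents to browsers.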
 