Issue Cloudflare Origin SSL certificates does work and protect

cpulove

New Pleskian
Server operating system version
Debian 12
Plesk version and microupdate number
Plesk Obsidian 18.0.64 Update 1
I still have the problem that Plesk does not take my signed origin Cloudflare SSL certificate.
I strictly followed the howto guide from Cloudflare for creating the certificate and integrating it in Plesk, but uploading the certificate and binding it to the domain via the Hosting SSL/TLS setting does not bring up a working certificate. The SSL/TLS certificate is always shown as not protecting the site.
I am not sure where the problem is, so I ask for help and another opinion.

I basically do the same as here in the description
The private key and both certificates are copied from Cloudflare and uploaded as a certificate in Plesk.

Any help on how I could get a working Cloudflare origin certificate in Plesk? Am I missing some important steps?
Other SSL certificates, like Google and Let's Encrypt, are working flawlessly.

Bildschirmfoto 2024-11-07 um 08.24.40.png


Bildschirmfoto 2024-11-07 um 08.18.02.png
 
I am still struggling! I was now able to install an origin Cloudflare certificate, which shows up as valid and protecting in Plesk!

Bildschirmfoto 2024-11-10 um 07.33.12.png
But my domain's SSL is still not working with the Cloudflare Origin Server Certificate and proxied DNS records. If the DNS records are not proxied, I can see that the Origin Server Certificate gets loaded but not trusted, which should be normal, as this only works with proxy DNS enabled.

Bildschirmfoto 2024-11-10 um 07.28.30.png
As soon as I enable the DNS proxies, I get an instant ERR_SSL_VERSION_OR_CIPHER_MISMATCH.
Also, an SSL Labs scan is no longer possible and returns "Failed to communicate with the secure server".
I can ping the domain and get the Cloudflare IPv4 and IPv6 addresses back, but website content will not load at all, as the ERR_SSL_VERSION_OR_CIPHER_MISMATCH is present.

What I did: I paused Cloudflare a couple of times, for more than 24h now, as this should solve this issue and is the only answer I got so far, but this doesn't fix it. SSL/TLS is of course set to Full (strict), as mentioned in the SSL documentation on Cloudflare. Also worth mentioning: my DNSSEC authentication chain is without any error!

Bildschirmfoto 2024-11-10 um 07.31.02.png

My Origin Server Certificate is uploaded correctly to my webserver (Plesk), with the PRIVATE KEY, the CERTIFICATE and the *-ca.crt (downloaded from Cloudflare).

All traffic is redirected to HTTPS (via Plesk and Cloudflare). No edge certificates are active (Universal SSL is off), as I want to use only Cloudflare's Origin SSL. DNS for my mail still runs over a non-proxied DNS entry, which works flawlessly!

And I also would like to mention just for reference, that I am on Plesk Obsidian (latest version) with OpenSSL 3.0.15 3 Sep 2024 (Library: OpenSSL 3.0.15 3 Sep 2024).
 