Resolved how to install SSL certificate of CloudFlare ?

tomer628 · Mar 9, 2017

hi.

i using Cloudflare and they have free SSL certificate to domains..
so i want to install the certificate, but they have PEM or DER or PKCS#7 format.
and i dont know how to install it via Plesk Onyx

how can i do that ?

regards,
Tomer.

UFHH01 · Mar 9, 2017

Hi tomer628,

did you notice, that cloudflare offers a KB - article, which you might read and follow?

=> How to install an Origin CA Certificate (Other)

and the corresponding "Plesk-related" - link for the "digicert" - certificate - installation:

=> Plesk Server Administrator SSL Certificate Installation

tomer628 · Mar 9, 2017

digicert want me to pay them..
i have free from CloudFlare..

i didn't understand how to install the cloudflare certificate via Plesk

UFHH01 · Mar 9, 2017

Hi tomer628,

pls. read and FOLLOW the links in the above mentioned articles, as for example:

Obtain private key and origin certificate pair

After => completing the steps to generate the private key and origin certificate, <= download both in the format described within the link below. Typically this format will either be PEM, DER, or PKCS#7.

The clouflare - articles are really well written and describe the EXACT ways you have to go, to reach your goal!

while the articles from digicert describe the possible ways to insert the certificates on servers with the corresponding hosting software ( so pls. just consider these to be references, how you may continue within Plesk, but use the certificates from cloudflare!

)

tomer628 · Mar 9, 2017

UFHH01 said:
Hi tomer628,

pls. read and FOLLOW the links in the above mentioned articles, as for example:

The clouflare - articles are really well written and describe the EXACT ways you have to go, to reach your goal! while the articles from digicert describe the possible ways to insert the certificates on servers with the corresponding hosting software ( so pls. just consider these to be references, how you may continue within Plesk, but use the certificates from cloudflare! )

but i need to do via SSH if i use Cloudflare insruction:
https://support.cloudflare.com/hc/en-us/articles/217472077

UFHH01 · Mar 9, 2017

Hi tomer628,

as you already know by now and as you already saw in the example - image from digicert, you DON'T have to insert/add the downloaded keys/certificates over the SSH-Command... you have Plesk and a very comfortable GUI ( again, pls. see the digicert - example - image ).

tomer628 · Mar 10, 2017

after i did that..
when i try to refresh my website i got this error :

ERR_CONNECTION_TIMED_OUT

AlexWilliams · Mar 10, 2017

I found if it's an existing site with Cloudflare the domain needs to be disabled then enabled again.

You'll see that the certificate starts initializing, once that's complete ssl will work.

jonnow · Jan 27, 2021

This is a pretty old thread but I've had the same issue so putting this here for future reference.

I agree, the instructions aren't entirely clear on the CloudFlare website as of writing. I found the following method works:

In CloudFlare under the SSL/TLS heading for the site you want to secure click on the "Origin Server" sub tab link.
Click on Create Certificate if you haven't already.
Save the Origin Certificate and Private Key on your computer - we will need the contents of these shortly.

IMPORTANT: I found that I couldn't view the private key again once I'd closed the pop-up so if you don't save it then, as far as I can tell, you need to remove and create a new one.

ALSO IMPORTANT: Cloudflare tells you to save the certificate a PEM file - THIS IS FINE.
Be aware though that in Plesk it asks for a .CRT file. There might be a difference, I'm not going to claim to know what it is, but for our purposes it doesn't matter.
Go to your Plesk and login.
"Websites & Domains" should be the first thing you get loaded up. You should be able to see the website in a table. If it's not expanded, expand it.
Here you should see a small preview window and some more options under tabs. You should be seeing "Dashboard", "Hosting & DNS", and "Mail".
With the "Dashboard" tab selected, look for the Security heading. The first option I have is SSL/TLS Certificates. Click this.
This should take you to the SSL/TLS Certificate for YOURDOMAINHERE.com. On the right of the page there should be an "Advanced settings" link/button (sorry going from memory for this point). This should take you to a page where you can upload ONLY a certificate and there is an empty table below. Don't upload here. Click on the button "Add SSL/TLD Certificate".
This should load a new page with various settings. Along the top of the page you have a breadcrumb with Websites & Domains > YOURDOMAINHERE.com > SSL/TLS Certificates >
The page title of Add SSL/TLS Certificate and the first text box on the page asking for "Certificate name". It is required but doesn't matter what you name it. I called mine the same as my domain. In the settings everything was filled in, if yours isn't just fill in the text boxes.
The next heading on the page is "Upload the certificate files" skip this and go to the "Upload the certificate as text" heading.

This is what we want.
Copy and paste your .key file to the Private key (*.key) box.
Copy and past your .pem file to the Certificate (*.crt) box.
Finally we need something for the CA Certificate. Cloudflare support site there is an article named "Managing Cloudflare Origin CA certificates". Near the end of the article is the option step 4 "(Optional) Step 4 - Add Cloudflare Origin CA root certificates". Expand the RSA Root and copy the certificate, go back to your Plesk and paste it into the CA-certificate (*-ca.crt) text box on your Plesk (the third one down).
Click the "Upload Certificate" button.
Back on the "Upload a certificate here" page, you should now see something in that table. You can tick to select it, and click the "Secure Webmail" button (note "Secure Mail" won't work with this).
Nearly done, go back to the Websites & Domains page, click on the Hosting & DNS tab from the website. Click "Hosting Settings".
On the Hosting settings page look for the "Security" heading. There should be a dropdown menu for Certificate. Under which you should see the newly created certificate (it's named whatever you called it on the other page) (along with "Default Certificate" and "Not selected").
Click on the certificate you created.
Scroll to the bottom of the page and press "Apply".
If you've done everything right (hopefully these instructions were clear) then it should now be working! If you have nothing on your server then you may be seeing the default Plesk page. If wrong, then you might be seeing the Cloudflare page.
Check your webmail.YOURDOMAIN.com to make sure that's working too.

Hope this helps

USY · Jan 11, 2022

jonnow said:
This is a pretty old thread but I've had the same issue so putting this here for future reference.

I agree, the instructions aren't entirely clear on the CloudFlare website as of writing. I found the following method works:

In CloudFlare under the SSL/TLS heading for the site you want to secure click on the "Origin Server" sub tab link.
View attachment 18270

Click on Create Certificate if you haven't already.

Save the Origin Certificate and Private Key on your computer - we will need the contents of these shortly.

IMPORTANT: I found that I couldn't view the private key again once I'd closed the pop-up so if you don't save it then, as far as I can tell, you need to remove and create a new one.

ALSO IMPORTANT: Cloudflare tells you to save the certificate a PEM file - THIS IS FINE.
Be aware though that in Plesk it asks for a .CRT file. There might be a difference, I'm not going to claim to know what it is, but for our purposes it doesn't matter.

Go to your Plesk and login.

"Websites & Domains" should be the first thing you get loaded up. You should be able to see the website in a table. If it's not expanded, expand it.

Here you should see a small preview window and some more options under tabs. You should be seeing "Dashboard", "Hosting & DNS", and "Mail".
With the "Dashboard" tab selected, look for the Security heading. The first option I have is SSL/TLS Certificates. Click this.View attachment 18271

This should take you to the SSL/TLS Certificate for YOURDOMAINHERE.com. On the right of the page there should be an "Advanced settings" link/button (sorry going from memory for this point). This should take you to a page where you can upload ONLY a certificate and there is an empty table below. Don't upload here. Click on the button "Add SSL/TLD Certificate".
View attachment 18272

This should load a new page with various settings. Along the top of the page you have a breadcrumb with Websites & Domains > YOURDOMAINHERE.com > SSL/TLS Certificates >
The page title of Add SSL/TLS Certificate and the first text box on the page asking for "Certificate name". It is required but doesn't matter what you name it. I called mine the same as my domain. In the settings everything was filled in, if yours isn't just fill in the text boxes.

The next heading on the page is "Upload the certificate files" skip this and go to the "Upload the certificate as text" heading.
View attachment 18268
This is what we want.

Copy and paste your .key file to the Private key (*.key) box.

Copy and past your .pem file to the Certificate (*.crt) box.

Finally we need something for the CA Certificate. Cloudflare support site there is an article named "Managing Cloudflare Origin CA certificates". Near the end of the article is the option step 4 "(Optional) Step 4 - Add Cloudflare Origin CA root certificates". Expand the RSA Root and copy the certificate, go back to your Plesk and paste it into the CA-certificate (*-ca.crt) text box on your Plesk (the third one down).

Click the "Upload Certificate" button.

Back on the "Upload a certificate here" page, you should now see something in that table. You can tick to select it, and click the "Secure Webmail" button (note "Secure Mail" won't work with this).

Nearly done, go back to the Websites & Domains page, click on the Hosting & DNS tab from the website. Click "Hosting Settings".View attachment 18269

On the Hosting settings page look for the "Security" heading. There should be a dropdown menu for Certificate. Under which you should see the newly created certificate (it's named whatever you called it on the other page) (along with "Default Certificate" and "Not selected").
Click on the certificate you created.
Scroll to the bottom of the page and press "Apply".

If you've done everything right (hopefully these instructions were clear) then it should now be working! If you have nothing on your server then you may be seeing the default Plesk page. If wrong, then you might be seeing the Cloudflare page.

Check your webmail.YOURDOMAIN.com to make sure that's working too.

Hope this helps

Thanks a lot for the istructions.
I have followed up your instructions, but i get “ERR_SSL_VERSION_OR_CIPHER_MISMATCH” error on my site.

Any idea the what can the reason for this issue ?

KZM · Jan 19, 2022

jonnow said:
This is a pretty old thread but I've had the same issue so putting this here for future reference.

I agree, the instructions aren't entirely clear on the CloudFlare website as of writing. I found the following method works:

In CloudFlare under the SSL/TLS heading for the site you want to secure click on the "Origin Server" sub tab link.
View attachment 18270

Click on Create Certificate if you haven't already.

Save the Origin Certificate and Private Key on your computer - we will need the contents of these shortly.

IMPORTANT: I found that I couldn't view the private key again once I'd closed the pop-up so if you don't save it then, as far as I can tell, you need to remove and create a new one.

ALSO IMPORTANT: Cloudflare tells you to save the certificate a PEM file - THIS IS FINE.
Be aware though that in Plesk it asks for a .CRT file. There might be a difference, I'm not going to claim to know what it is, but for our purposes it doesn't matter.

Go to your Plesk and login.

"Websites & Domains" should be the first thing you get loaded up. You should be able to see the website in a table. If it's not expanded, expand it.

Here you should see a small preview window and some more options under tabs. You should be seeing "Dashboard", "Hosting & DNS", and "Mail".
With the "Dashboard" tab selected, look for the Security heading. The first option I have is SSL/TLS Certificates. Click this.View attachment 18271

This should take you to the SSL/TLS Certificate for YOURDOMAINHERE.com. On the right of the page there should be an "Advanced settings" link/button (sorry going from memory for this point). This should take you to a page where you can upload ONLY a certificate and there is an empty table below. Don't upload here. Click on the button "Add SSL/TLD Certificate".
View attachment 18272

This should load a new page with various settings. Along the top of the page you have a breadcrumb with Websites & Domains > YOURDOMAINHERE.com > SSL/TLS Certificates >
The page title of Add SSL/TLS Certificate and the first text box on the page asking for "Certificate name". It is required but doesn't matter what you name it. I called mine the same as my domain. In the settings everything was filled in, if yours isn't just fill in the text boxes.

The next heading on the page is "Upload the certificate files" skip this and go to the "Upload the certificate as text" heading.
View attachment 18268
This is what we want.

Copy and paste your .key file to the Private key (*.key) box.

Copy and past your .pem file to the Certificate (*.crt) box.

Finally we need something for the CA Certificate. Cloudflare support site there is an article named "Managing Cloudflare Origin CA certificates". Near the end of the article is the option step 4 "(Optional) Step 4 - Add Cloudflare Origin CA root certificates". Expand the RSA Root and copy the certificate, go back to your Plesk and paste it into the CA-certificate (*-ca.crt) text box on your Plesk (the third one down).

Click the "Upload Certificate" button.

Back on the "Upload a certificate here" page, you should now see something in that table. You can tick to select it, and click the "Secure Webmail" button (note "Secure Mail" won't work with this).

Nearly done, go back to the Websites & Domains page, click on the Hosting & DNS tab from the website. Click "Hosting Settings".View attachment 18269

On the Hosting settings page look for the "Security" heading. There should be a dropdown menu for Certificate. Under which you should see the newly created certificate (it's named whatever you called it on the other page) (along with "Default Certificate" and "Not selected").
Click on the certificate you created.
Scroll to the bottom of the page and press "Apply".

If you've done everything right (hopefully these instructions were clear) then it should now be working! If you have nothing on your server then you may be seeing the default Plesk page. If wrong, then you might be seeing the Cloudflare page.

Check your webmail.YOURDOMAIN.com to make sure that's working too.

Hope this helps

Thanks a lot.

webnitix · Feb 3, 2022

jonnow said:
This is a pretty old thread but I've had the same issue so putting this here for future reference.

I agree, the instructions aren't entirely clear on the CloudFlare website as of writing. I found the following method works:

In CloudFlare under the SSL/TLS heading for the site you want to secure click on the "Origin Server" sub tab link.
View attachment 18270

Click on Create Certificate if you haven't already.

Save the Origin Certificate and Private Key on your computer - we will need the contents of these shortly.

IMPORTANT: I found that I couldn't view the private key again once I'd closed the pop-up so if you don't save it then, as far as I can tell, you need to remove and create a new one.

ALSO IMPORTANT: Cloudflare tells you to save the certificate a PEM file - THIS IS FINE.
Be aware though that in Plesk it asks for a .CRT file. There might be a difference, I'm not going to claim to know what it is, but for our purposes it doesn't matter.

Go to your Plesk and login.

"Websites & Domains" should be the first thing you get loaded up. You should be able to see the website in a table. If it's not expanded, expand it.

Here you should see a small preview window and some more options under tabs. You should be seeing "Dashboard", "Hosting & DNS", and "Mail".
With the "Dashboard" tab selected, look for the Security heading. The first option I have is SSL/TLS Certificates. Click this.View attachment 18271

This should take you to the SSL/TLS Certificate for YOURDOMAINHERE.com. On the right of the page there should be an "Advanced settings" link/button (sorry going from memory for this point). This should take you to a page where you can upload ONLY a certificate and there is an empty table below. Don't upload here. Click on the button "Add SSL/TLD Certificate".
View attachment 18272

This should load a new page with various settings. Along the top of the page you have a breadcrumb with Websites & Domains > YOURDOMAINHERE.com > SSL/TLS Certificates >
The page title of Add SSL/TLS Certificate and the first text box on the page asking for "Certificate name". It is required but doesn't matter what you name it. I called mine the same as my domain. In the settings everything was filled in, if yours isn't just fill in the text boxes.

The next heading on the page is "Upload the certificate files" skip this and go to the "Upload the certificate as text" heading.
View attachment 18268
This is what we want.

Copy and paste your .key file to the Private key (*.key) box.

Copy and past your .pem file to the Certificate (*.crt) box.

Finally we need something for the CA Certificate. Cloudflare support site there is an article named "Managing Cloudflare Origin CA certificates". Near the end of the article is the option step 4 "(Optional) Step 4 - Add Cloudflare Origin CA root certificates". Expand the RSA Root and copy the certificate, go back to your Plesk and paste it into the CA-certificate (*-ca.crt) text box on your Plesk (the third one down).

Click the "Upload Certificate" button.

Back on the "Upload a certificate here" page, you should now see something in that table. You can tick to select it, and click the "Secure Webmail" button (note "Secure Mail" won't work with this).

Nearly done, go back to the Websites & Domains page, click on the Hosting & DNS tab from the website. Click "Hosting Settings".View attachment 18269

On the Hosting settings page look for the "Security" heading. There should be a dropdown menu for Certificate. Under which you should see the newly created certificate (it's named whatever you called it on the other page) (along with "Default Certificate" and "Not selected").
Click on the certificate you created.
Scroll to the bottom of the page and press "Apply".

If you've done everything right (hopefully these instructions were clear) then it should now be working! If you have nothing on your server then you may be seeing the default Plesk page. If wrong, then you might be seeing the Cloudflare page.

Check your webmail.YOURDOMAIN.com to make sure that's working too.

Hope this helps

I have went through this quite a few times, but I seem to be getting issues, whenever I run through it I just get:

But when I run this through whynopadlock.com:

Test Results: webnitix.com - Why No Padlock?

Why No Padlock? - Why is my SSL web page insecure? Find the culprit!

www.whynopadlock.com

Everything is showing as working.

romitesur · May 7, 2022

Thanks for the answers, i had same issue and it worked for me.

romitesur · May 8, 2022

sometimes i face redirect loop for ssl, how can i fix it ? dickssportinggoods feedback www.lowes.com survey

Resolved how to install SSL certificate of CloudFlare ?

tomer628

Basic Pleskian

UFHH01

Guest

tomer628

Basic Pleskian

UFHH01

Guest

tomer628

Basic Pleskian

UFHH01

Guest

tomer628

Basic Pleskian

AlexWilliams

New Pleskian

jonnow

New Pleskian

USY

Basic Pleskian

KZM

Basic Pleskian

webnitix

New Pleskian

Test Results: webnitix.com - Why No Padlock?

romitesur

New Pleskian

romitesur

New Pleskian

Similar threads