Adding Cloudflare's own SSL Certificate to MiaB

I went into System > TLS (SSL) Certificates and copied the CSR to generate a signed certificate for my domain, which uses Cloudflare DNS. After pasting the CSR and specifying my domain name, it gave me back an Origin Certificate in PEM format, so I copied it into the MiaB panel and hit Install, which returned the following error:
The certificate is missing an intermediate chain or the intermediate chain is incorrect or incomplete. (/tmp/tmpkk1630nt.pem: O = "CloudFlare, Inc.", OU = CloudFlare Origin CA, CN = CloudFlare Origin Certificate error 20 at 0 depth lookup:unable to get local issuer certificate )

After a bit of googling I found this link https://support.cloudflare.com/hc/en-us/articles/218689638-What-are-the-root-certificate-authorities-CAs-used-with-Cloudflare-Origin-CA- which provides the correct Cloudflare Origin CA — RSA Root, so after pasting that into the intermediate chain box all I get back is "This is a self-signed certificate. I can’t install that."

If Cloudflare is the one providing me with the SSL/TLS certificates, how am I supposed to add them to not use Let’s Encrypt?

If you got the Cloudflare Cert from Cloudflare’s Crypto Tab -> Origin Certificates, this is only for sites behind the orange cloud. It is self-signed (by Cloudflare).

  1. Cloudflare internally accepts this one so you can set your domain to Full-Strict encryption without having to generate Let’s Encrypt or pay for a cert.
  2. It’s a little quicker for Cloudflare to process since they don’t have to do a cert lookup when pulling content from your web server.

This is only for a web server fronted by Cloudflare. It’s not going to work for a mail server.

Bottom line…stick with Let’s Encrypt.

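Added example, not from the thread or from the Mail-in-a-Box project: it reproduces the `unable to get local issuer certificate` (error 20) result from the first post, using a throwaway private root as a stand-in for an origin-only CA such as Cloudflare Origin CA. The hostname, file names and the `chain_status` helper are constructed for the demo.

```bash
#!/usr/bin/env bash
# Constructed demo: a throwaway private root stands in for an origin-only CA
# (such as Cloudflare Origin CA) that public trust stores do not ship.
set -eu
workdir=$(mktemp -d)
trap 'rm -rf "$workdir"' EXIT

make_demo_chain() {
  # Private self-signed root; nothing outside this directory trusts it.
  openssl req -x509 -newkey rsa:2048 -nodes -days 1 \
    -subj "/O=Demo Private CA/CN=Demo Origin Root" \
    -keyout "$workdir/root.key" -out "$workdir/root.pem" 2>/dev/null
  # Leaf key and CSR (hypothetical hostname), then a leaf signed by that root.
  openssl req -newkey rsa:2048 -nodes -subj "/CN=box.example.test" \
    -keyout "$workdir/leaf.key" -out "$workdir/leaf.csr" 2>/dev/null
  openssl x509 -req -in "$workdir/leaf.csr" -days 1 \
    -CA "$workdir/root.pem" -CAkey "$workdir/root.key" -CAcreateserial \
    -out "$workdir/leaf.pem" 2>/dev/null
}

# chain_status LEAF [EXTRA_ROOT]: classify the result of `openssl verify`.
chain_status() {
  local out
  if [ -n "${2:-}" ]; then
    out=$(openssl verify -CAfile "$2" "$1" 2>&1 || true)
  else
    out=$(openssl verify "$1" 2>&1 || true)
  fi
  case $out in
    *": OK"*) echo trusted ;;
    *"unable to get local issuer certificate"*) echo unknown-issuer ;;
    *) echo other-failure ;;
  esac
}

make_demo_chain
echo "default trust store only:   $(chain_status "$workdir/leaf.pem")"
echo "private root added locally: $(chain_status "$workdir/leaf.pem" "$workdir/root.pem")"
```

Supplying the root with `-CAfile` makes verification pass only on the machine that has that file; remote mail clients and servers validate against their own trust stores, which do not contain a private root.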

Thanks for your response, that made it much clearer. I shall go ahead and provision a Let’s Encrypt certificate since I’m not using the orange cloud for this domain.

Thanks again!
