Cloudflare SSL cert throws a Security Issue
I have configured my nginx to use the certificate and private_key that I downloaded from cloudflare crypto.
This is my nginx.conf file-
server {
listen 443 ssl http2;
listen [::]:443 ssl http2;
server_name autocaptions.app *.autocaptions.app;
location / {
proxy_pass http://127.0.0.1:7887;
}
ssl on;
ssl_certificate /home/ubuntu/sslcerts/autocaptions.pem;
ssl_certificate_key /home/ubuntu/sslcerts/private-key.pem;
# ssl_client_certificate /home/ubuntu/sslcerts/cloudflare.crt;
# ssl_verify_client on;
}
# Redirect http to https
server {
listen 80;
listen [::]:80;
return 301 https://$host$request_uri;
}
I am not sure what the issue is. I have added the certificate and the private_key.
I see the following error in the browser when I try to access https://autocaptions.app -
Error in text-
autocaptions.app has a security policy called HTTP Strict Transport Security (HSTS), which means that Firefox can only connect to it securely. You can’t add an exception to visit this site.
In Cloudflare configuration, I have disabled HSTS, not sure why this error is showing up.
I have followed digitalocean tutorial to configure SSL.
You are using a certificate signed by the "Cloudflare Origin CA". Certificates issued by this CA are intended to be installed on your origin server so that the communication between the Cloudflare CDN and your origin server can be protected by a certificate.
These kind of certificates are not intended on systems facing end users (i.e. browsers). They are only intended to secure the communication between your origin server and Cloudflare. Typical end users will not have the "Cloudflare Origin CA" as a trusted CA in their browser and thus they will get a TLS error when connecting to your origin server - and this is thus what you get. But typical end users should not connect to the origin server in the first place - they should connect to the Cloudflare instance instead. Only Cloudflare itself should connect to the origin server and they will acknowledge their own CA as trusted.
- openssl how to check server name indication (SNI)
- How to I deploy nextjs application in a production environment, using ssl?
- How can I create a TLS/SSL connection to a mongodb instance on AWS with a certificate made by certificate manager? Health check failed
- Is there a way to get the OpenSSL X509 certificate name that im sending to peer in C++?
- pip always fails ssl verification
- Trust Anchor not found for Android SSL Connection
- How to add self-signed generated certificate to trusted certificates from inside a Java keystore?
- How to force Laravel Project to use HTTPS for all routes?
- Using Keycloak behind a reverse proxy: Could not open Admin loginpage because mixed Content
- Python SSL default context not including TLS 1.1 or SSL 2 ciphers
- How do I switch Docker containers with .NET Blazor applications from HTTP to HTTPS?
- Creating self signed certificate for domain and subdomains - NET::ERR_CERT_COMMON_NAME_INVALID
- javax.net.ssl.SSLHandshakeException: Received fatal alert: unknown_ca
- How to simulate non-SNI browsers (without SNI support)?
- How to access phpmyadmin on DDEV Windows 10 pro localhost with SSL record too long error
- cURL with SSL certificates fails: error 58 unable to set private key file
- Specifying Arduino WiFiClientSecure Certificates
- maxscale cannot find gtid_binlog_pos
- FreeSWITCH TLS error in 'Client Hello' Request
- ASP.NET Core Development Certificates - error exporting the HTTPS developer certificate
- Get certificate's public key in the PKCS8 format
- Why is Firefox not trusting my self-signed certificate?
- Difference between pem, crt, key files
- Is it a good idea to distribute docker image containing my selfsigned certificate?
- PKIX path building failed: unable to find valid certification path to requested target on chaincode commit on Hyperledger Fabric production network
- enable https jenkin server on ubuntu 24.04
- OkHTTP (v3.0.0-RC1) Post Request with Parameters
- SSL handshake error (CERTIFICATE_VERIFY_FAILED) in grpc++
- Convert .pem to .crt and .key
- How can I decode a SSL certificate using python?