
So usually I just create a Let's Encrypt certificate and set it up, then I open up the browser, click the "LOCK" icon and check the certificate info; this tells me that my setup actually worked and was installed correctly.

What I ran into today is that I am doing this for a domain name that is using Cloudflare DNS, so Cloudflare sits between the browser and the server/site. When I click the "LOCK" icon, I see Cloudflare SSL info.

What is the best approach to validate that the Let's Encrypt cert is actually working on the server/site side?

farinspace

2 Answers

3

One can use curl to connect directly to the origin server:

curl -v --resolve www.example.com:443:ip.of.origin.server https://www.example.com

The --resolve argument tells curl to bypass the DNS request for www.example.com for port 443 (TLS) connections, and instead use ip.of.origin.server as the destination address.

Another option is to add an entry for your domain and origin server in /etc/hosts (Linux) or c:\Windows\SYSTEM32\Drivers\etc\hosts.txt. Afterwards one can check the connection with any tool.

Tero Kilkanen
  • Or `openssl s_client -connect $address:$port -servername $hostname | openssl x509 -noout -text` connects directly to the address but allows you to specify what the FQDN 'would have been' for SNI – dave_thompson_085 Jul 06 '20 at 02:36
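A scripted version of the check this answer describes, added here as an example and not code from the answer or from the question's author: it connects to the origin IP while sending the real hostname in SNI (the same idea as curl --resolve and openssl s_client -servername), pulls the leaf certificate the origin actually serves, and tests that it is valid for the hostname and was issued by whoever you expect (for the question, "Let's Encrypt"), so Cloudflare's edge certificate never enters the picture. The function names, the hostname www.example.com, the ports 44331/44332, the "Constructed Test CA" and the local openssl s_server that the self-test stands up are all assumptions made for the demo; point origin_cert_ok at your own origin IP to use it for real.

```shell
#!/bin/sh
# Added example, not from the answer above.  Checks which certificate the
# origin itself serves by connecting to the origin IP while sending the real
# hostname in SNI.  Needs OpenSSL 1.0.2 or later (for `x509 -checkhost`).

# Print the leaf certificate (PEM) that the origin at $2:$3 presents for
# hostname $1.  -connect goes to the origin IP, -servername puts the FQDN in
# SNI so a name-based vhost selects the same certificate a browser would get.
origin_leaf_cert() {
    # stdin from /dev/null makes s_client exit right after the handshake.
    openssl s_client -connect "$2:$3" -servername "$1" </dev/null 2>/dev/null |
        openssl x509 2>/dev/null
}

# origin_cert_ok HOST IP PORT EXPECTED_ISSUER
# Exit 0 only if the origin serves a certificate valid for HOST (CN or SAN)
# whose issuer contains EXPECTED_ISSUER, e.g. "Let's Encrypt".  Prints the
# issuer and the hostname check; exit 1 = wrong cert, exit 2 = no handshake.
origin_cert_ok() {
    host="$1"; ip="$2"; port="$3"; expected_issuer="$4"
    pem=$(origin_leaf_cert "$host" "$ip" "$port") || return 2
    [ -n "$pem" ] || return 2
    issuer=$(printf '%s\n' "$pem" | openssl x509 -noout -issuer)
    hostcheck=$(printf '%s\n' "$pem" | openssl x509 -noout -checkhost "$host") || true
    printf '%s\n%s\n' "$issuer" "$hostcheck"
    case "$hostcheck" in *"does match"*) ;; *) return 1 ;; esac
    case "$issuer" in *"$expected_issuer"*) return 0 ;; *) return 1 ;; esac
}

# demo_local_origin PORT EXPECTED_ISSUER
# Self-contained demo: build a throwaway CA and a leaf certificate for
# www.example.com (both constructed here, standing in for Let's Encrypt and
# the real origin), serve it from a local `openssl s_server`, run the check
# against 127.0.0.1 and tear everything down.  Returns origin_cert_ok's status.
demo_local_origin() {
    port="$1"; expected_issuer="$2"; host="www.example.com"
    dir=$(mktemp -d) || return 2
    openssl req -x509 -newkey rsa:2048 -nodes -days 1 \
        -subj "/CN=Constructed Test CA" -keyout "$dir/ca.key" -out "$dir/ca.pem" 2>/dev/null
    openssl req -new -newkey rsa:2048 -nodes -subj "/CN=$host" \
        -keyout "$dir/leaf.key" -out "$dir/leaf.csr" 2>/dev/null
    printf 'subjectAltName=DNS:%s\n' "$host" >"$dir/san.cnf"
    openssl x509 -req -in "$dir/leaf.csr" -CA "$dir/ca.pem" -CAkey "$dir/ca.key" \
        -CAcreateserial -days 1 -extfile "$dir/san.cnf" -out "$dir/leaf.pem" 2>/dev/null
    openssl s_server -accept "$port" -cert "$dir/leaf.pem" -key "$dir/leaf.key" -www \
        >/dev/null 2>&1 &
    srv=$!
    # Wait (up to ~5 s) for the listener to come up.
    tries=0
    while ! openssl s_client -connect "127.0.0.1:$port" </dev/null >/dev/null 2>&1; do
        tries=$((tries + 1))
        if [ "$tries" -ge 25 ]; then kill "$srv" 2>/dev/null; rm -rf "$dir"; return 2; fi
        sleep 0.2
    done
    origin_cert_ok "$host" 127.0.0.1 "$port" "$expected_issuer" && rc=0 || rc=$?
    kill "$srv" 2>/dev/null || true
    wait "$srv" 2>/dev/null || true
    rm -rf "$dir"
    return "$rc"
}

# Stand-alone run (`sh check_origin.sh demo`): expect success against the
# constructed CA, and failure if we pretend the issuer should be Cloudflare.
if [ "${1:-}" = "demo" ]; then
    demo_local_origin 44331 "Constructed Test CA" && echo "origin cert OK"
    demo_local_origin 44332 "Cloudflare" || echo "not a Cloudflare-issued cert (expected)"
fi
```

Two caveats for real use. The script reports what the origin serves; it does not validate the chain, so add `-CAfile` and `-verify_return_error` to the s_client call if you also want trust checked. And if the origin's firewall only admits Cloudflare's IP ranges, the direct connection will be refused; run the check on the server itself against 127.0.0.1 (with the real hostname in -servername) instead.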
1

On a free Cloudflare plan you cannot import your own SSL certificate.

The only option inside the Cloudflare account is to disable the proxy for the "A" record (and/or other appropriate DNS records). Once set, requests will bypass Cloudflare and show the original server's IP address; the server's available SSL certificate will also be used.

farinspace
Nirmal
    But that way, won't Cloudflare be bypassed? Unless he does it temporarily, just to check and revert the records back later. – Krackout Jul 03 '20 at 16:35
  • @Krackout, I agree, I really just need to be able to check that the other side of the proxy is actually encrypted and using the correct cert. – farinspace Jul 03 '20 at 16:55