hope you are all staying well and safe.
So just to explain my setup which I have always proffered do which worked for me, until now..
I have:
- Ubuntu server running apache2 for websites
- Letsencrypt via certbot (installed last week along with fresh ubuntu server)
- Cloudflare linked
With this I am able to host my multiple sites and provide free ssl to them (letsencrypt) via running the command: sudo certbot --apache.
Next I will add the domain to cloudflare for one singular reason - I use their proxy DNS
by clicking the orange cloud on the DNS page. I go via cloudflare for one reason, to hide the ip of the site where the server sits, it is just a nice handy feature and I see it help fight attacks more.
This all used to work well with no problem and the ssl would be served by letsencrypt. However now when I try todo the both it creates problems and displays the ERR_SSL_VERSION_OR_CIPHER_MISMATCH browser message when you try to load the site. I noticed there is a SSL mode which you can alter and also 'Edge certificates' which for some reason it is trying to make.
My question is, how would I go about making the changes so that Cloudflare lets Letsencrypt deliver the ssl but uses the proxy feature to hide the IP - since I may have to turn OFF the ssl mode? Will this problem be fixed if i turn the SSL mode in cloudflare to off? But then will that cause issues with it taking it to the https website through letsencrypt/certbot? When it has worked in the past and I clicked the padlock button on the browser I saw it had the certificate issued to cloudflaressl.com.
Thank you guys, I hope someone can shed some light.
