
I am using Cloudflare to set up a secure connection on Ubuntu 20 using Apache2. I used their Origin Server wizard to generate the following files:

example.com.pem (Origin Certificate)

example.com.key file (Private key)

I gave them the extensions suggested by Cloudflare.

I ran this:

 sudo a2enmod ssl
 sudo systemctl restart apache2

This is my setup:

<VirtualHost *:443>
    ....
    SSLEngine on
    SSLCertificateFile /path/example.com.pem
    SSLCertificateKeyFile /path/example.com.key

The non-secure site works fine (I haven't pointed it to the secure yet), but I still get error 525 (SSL handshake failed) when I try to access the secure site. (I got a website down error before running the sudo a2enmod ssl command)

I tried to see if it was set up ok:

apachectl configtest

It just says "Syntax OK"

(Edit: I removed the wrong stuff I tried - which I now know is wrong - to simplify the question.)

user984003
  • Can you confirm your SSL config is included in `/etc/apache2/sites-enabled`? – Max Ivanov Nov 17 '20 at 19:46
  • That was it!! I keep the 80 and 443 in separate files and needed to run "sudo a2ensite example.com-ssl.conf" like I did for the non-ssl file. – user984003 Nov 17 '20 at 21:54

1 Answer

With Max Ivanov's comment answer, this worked:

Generate the files

Use Cloudflare's Origin Server wizard to generate the following files:

example.com.pem (Origin Certificate)

example.com.key file (Private key)

I gave them the extensions suggested by Cloudflare.

Copy to Ubuntu

Copy the files to Ubuntu. A good spot is /etc/ssl

Add path to your .conf files

These files are in /etc/apache2/sites-available

You can use the default files or create your own specific for your site. I have example.com.conf and example.com-ssl.conf

Add the path to the two copied files to the secure version (example.com-ssl.conf)

<VirtualHost *:443>
   ....
   SSLEngine on
   SSLCertificateFile /path/example.com.pem
   SSLCertificateKeyFile /path/example.com.key

Tell Ubuntu to use it

If you created your own conf files, then you'll need to add them to sites-available, which you do like this:

sudo a2ensite example.com.conf
sudo a2ensite example.com-ssl.conf

You may also need to remove the default ones, depending on your use case. There's a command somewhere for that...

You also need to run

sudo a2enmod ssl
sudo systemctl restart apache2

Set Cloudflare to strict

In the dashboard, set the SSL to strict.

user984003
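The cause found in the comments above was a port-443 vhost file sitting in sites-available without being enabled. The following check is an added example, not part of the original answer: it reports such files and also flags certificate or key paths that are missing, or a private key readable by other users. The function name `audit_tls_vhosts` and the finding labels are made up for this example, and it assumes the Debian/Ubuntu `sites-available`/`sites-enabled` layout with unquoted paths in the directives.

```shell
#!/bin/sh
# Added example (not from the original post).
# Usage: audit_tls_vhosts /etc/apache2   (prints one finding per line)
audit_tls_vhosts() {
    root=$1
    for conf in "$root"/sites-available/*.conf; do
        [ -f "$conf" ] || continue
        # Only look at files that define a port-443 vhost.
        grep -Eq '^[[:space:]]*<VirtualHost[^>]*:443' "$conf" || continue
        name=$(basename "$conf")
        # a2ensite creates a symlink in sites-enabled; without it Apache
        # never loads the vhost (the cause of the 525 on this page).
        [ -e "$root/sites-enabled/$name" ] || echo "NOT_ENABLED $name"
        # Pull the paths from SSLCertificateFile / SSLCertificateKeyFile.
        for directive in SSLCertificateFile SSLCertificateKeyFile; do
            path=$(awk -v d="$directive" '$1 == d { print $2; exit }' "$conf")
            if [ -z "$path" ]; then
                echo "NO_DIRECTIVE $name $directive"
            elif [ ! -f "$path" ]; then
                echo "MISSING_FILE $name $path"
            elif [ "$directive" = SSLCertificateKeyFile ] &&
                 [ -n "$(find "$path" -perm -004 2>/dev/null)" ]; then
                # The "other" read bit is set on the private key.
                echo "KEY_WORLD_READABLE $name $path"
            fi
        done
    done
}
```

No output means every port-443 vhost file is enabled and its certificate and key files are present, with the key not world-readable.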