To setup an SSL on your domain and sub domain you will need too
1. Log into CloudFlare and go to SSL/TLS and select origin server
2. You will want to issue the origin certificate with a wild card, ie: *.domain.com
3. When you create a new certificate you will be presented with both a public and private key
a. You should save this information as you will not be able to review the private key again.
4. Lastly you will need to download the CA Bundle from cloudflare.
i. Cloudflare Origin ECC PEM (do not use with Apache cPanel)
ii. Cloudflare Origin RSA PEM
5. Install the certificate at your web hosting environment and manually push the CA Bundle
6. On WHM, go to “Install SSL”
7. Enter the name of the domain or sub domain you are installing it on (do not use wild cards)
8. Enter the 2 keys you saved and the CA Bundle which you downloaded above (3 certificates in total)
9. Align the certificate with the appropriate IP address (do not use auto discover)
This should be all you need to do to enable SSL on a domain and sub domain. You can
check the status of the SSL certificate by going to:
If you receive this error, it means you are not being protected by Cloudflare.
Cloudflare’s SSL only works when your website’s traffic goes through Cloudflare. The “Cloudflare Origin Certificate” is a certificate that is only trusted by Cloudflare, not by browsers.
To fix this:
1. Go to the DNS tab in the Cloudflare dashboard 83
2. Find either the “A” or “CNAME” record for the subdomain you have this issue on (if this issue occurs without a subdomain, find the A/CNAME DNS record where the “name” is your website, eg. example.com)
3. Make sure that DNS entry has a cloud icon on the right is an orange cloud .
Cloudflare’s SSL DOES NOT WORK if the cloud is grey. If the cloud icon is grey, click it to turn it orange.
Your website should now be going through Cloudflare and Cloudflare should be presenting a valid SSL certificate.
With this, you may get either a too_many_redirects error or another SSL error. To fix this, make sure your “SSL mode” in the SSL/TLS app 31 is Full (strict). This is required when you install the “Cloudflare origin certificate” or another SSL certificate on your server. If this doesn’t fix it, see Community Tip – Fixing ERR TOO MANY REDIRECTS