I am using Cloudflare to set up a secure connection on Ubuntu 20 using Apache2. I used their Origin Server wizard to generate the following files:
example.com.pem (Origin Certificate)
example.com.key file (Private key)
I gave them the extensions suggested by Cloudflare.
I ran this:
sudo a2enmod ssl
sudo systemctl restart apache2
This is my setup:
<VirtualHost *:443>
....
SSLEngine on
SSLCertificateFile /path/example.com.pem
SSLCertificateKeyFile /path/example.com.key
The non-secure site works fine (I haven't pointed it to the secure yet), but I still get error 525 (SSL handshake failed) when I try to access the secure site. (I got a website down error before running the sudo a2enmod ssl command)
I tried to see if it was set up ok:
apachectl configtest
It just says "Syntax OK"
(Edit: I removed the wrong stuff I tried - which I now know is wrong - to simplify the question.)
With Max Ivanov's comment answer, this worked:
Generate the files
Use Cloudflare's Origin Server wizard to generate the following files:
example.com.pem (Origin Certificate)
example.com.key file (Private key)
I gave them the extensions suggested by Cloudflare.
Copy to Ubuntu
Copy the files to Ubuntu. A good spot is /etc/ssl
Add path to your .conf files
These files are in /etc/apache2/sites-available
You can use the default files or create your own specific for your site. I have example.com.conf and example.com-ssl.conf
Add the path to the two copied files to the secure version (example.com-ssl.conf)
<VirtualHost *:443>
....
SSLEngine on
SSLCertificateFile /path/example.com.pem
SSLCertificateKeyFile /path/example.com.key
Tell Ubuntu to use it
If you created your own conf files, then you'll need to add them to sites-available, which you do like this:
sudo a2ensite example.com.conf
sudo a2ensite example.com-ssl.conf
You may also need to remove the default ones, depending on your use case. There's a command somewhere for that...
You also need to run
sudo a2enmod ssl
sudo systemctl restart apache2
Set Cloudflare to strict
In the dashboard, set the ssl to strict.
The technical post webpages of this site follow the CC BY-SA 4.0 protocol. If you need to reprint, please indicate the site URL or the original address.Any question please contact:yoyou2525@163.com.