This article explains how to fix cPanel AutoSSL errors under the Cloudflare proxy.
AutoSSL renewal fails when using Cloudflare because the Cloudflare proxy hides your website’s IP from the Internet.
This is great for keeping your website secure, but when you try to renew your Let’s Encrypt SSL certificates, the cPanel tool checks which IP address your domain resolves to. It only renews the certificate if the domain resolves to an address on the cPanel server. Under Cloudflare, however, the domain name resolves to a Cloudflare IP address, so AutoSSL renewal fails.
Unfortunately, there is no way to use cPanel AutoSSL or Let’s Encrypt SSL certificates under the Cloudflare proxy. Sooner or later, the renewal will fail, and you can’t pause the proxy every three months for every website you have. Instead, the best solution is to use a Cloudflare origin certificate, which is valid for 15 years. This is a permanent solution to the problem, and it lets you enable Full (strict) encryption mode for your website.
How to Install a Cloudflare Origin Certificate on cPanel
To permanently stop worrying about renewing AutoSSL, here’s how to install a Cloudflare origin certificate.
Step 1: Create a Certificate on the Cloudflare SSL/TLS Tab
- First, go to your Cloudflare dashboard and click the “SSL/TLS” tab. Then click the “Origin Server” sub-tab and press “Create Certificate”.
- Select “Generate a private key and CSR with Cloudflare” and set “Private key type” to “RSA (2048)”.
- Then set “Certificate Validity” to “15 years” (this should already be the default) and click “Create”.
- Now, you will see your “Origin Certificate” and “Private Key”. Copy each of these and save them in two separate text files on your local device. In particular, save the private key in a place where no one else can access it. This key can be used to decrypt communications between your web hosting server and Cloudflare. So keep it safe!
The “Origin Certificate” will look something like this:
-----BEGIN CERTIFICATE-----
........
........
........
-----END CERTIFICATE-----
And the “Private Key” will look something like this:
-----BEGIN PRIVATE KEY-----
........
........
........
-----END PRIVATE KEY-----
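Before uploading the two files saved in Step 1, it is worth confirming that they belong together and that the key file is not readable by other users. The following script is an added example, not part of the original article or of cPanel or Cloudflare tooling; it assumes the openssl command-line tool is installed, and the function names and the file names origin.pem and origin.key are illustrative.

```shell
#!/bin/sh
# Added example: pre-upload check for an origin certificate and its private key.

# Print the SHA-256 of the public key inside a certificate or a private key.
# $1 = "cert" or "key", $2 = PEM file. Fails if the file cannot be parsed, so
# two unreadable files can never compare as equal.
spki_digest() {
    case "$1" in
        cert) pem=$(openssl x509 -in "$2" -noout -pubkey 2>/dev/null) ;;
        key)  pem=$(openssl pkey -in "$2" -pubout 2>/dev/null) ;;
        *)    false ;;
    esac || return 1
    [ -n "$pem" ] || return 1
    printf '%s\n' "$pem" | openssl dgst -sha256 | awk '{print $NF}'
}

# $1 = certificate file, $2 = private key file.
# Returns 0 ok, 1 pair mismatch, 2 unparsable file, 3 key file too open,
# 4 certificate expires within 30 days.
check_origin_pair() {
    cert_d=$(spki_digest cert "$1") || { echo "cannot parse certificate: $1" >&2; return 2; }
    key_d=$(spki_digest key "$2") || { echo "cannot parse private key: $2" >&2; return 2; }
    [ "$cert_d" = "$key_d" ] || { echo "certificate and key do not match" >&2; return 1; }
    # Octal permission bits (GNU stat first, BSD stat as fallback).
    mode=$(stat -c '%a' "$2" 2>/dev/null || stat -f '%Lp' "$2")
    case "$mode" in
        *00) ;;  # no group or other access
        *) echo "key file mode $mode is too open; run chmod 600" >&2; return 3 ;;
    esac
    openssl x509 -in "$1" -noout -checkend 2592000 >/dev/null ||
        { echo "certificate expires within 30 days" >&2; return 4; }
    echo "ok: key matches certificate, $(openssl x509 -in "$1" -noout -enddate)"
}

# Constructed sample input: a throwaway self-signed pair standing in for the
# Cloudflare files, written to directory $1 so the check can be tried offline.
make_constructed_pair() {
    openssl req -x509 -newkey rsa:2048 -nodes -days 365 -subj "/CN=example.test" \
        -keyout "$1/origin.key" -out "$1/origin.pem" 2>/dev/null &&
        chmod 600 "$1/origin.key"
}

# Usage: sh check_origin.sh origin.pem origin.key
if [ "$#" -eq 2 ]; then check_origin_pair "$1" "$2"; fi
```

A mismatch usually means the certificate and key were copied from two different “Create Certificate” runs.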
Step 2: Install the Cloudflare Origin Certificate in cPanel
- Log into your cPanel dashboard and go to the “SSL/TLS” section.
- Click the Certificates section, where you can generate, view, upload, or delete SSL certificates on your server.
- On the Certificates screen, scroll down to the “Upload a New Certificate” section. Paste the code for your certificate (not the private key) into the text area provided.
- After you paste the certificate code, the fields below are instantly populated with the details of the Cloudflare origin certificate. Ensure the details are correct and save the certificate.
Step 3: Check to See that the Certificate is Added in cPanel
- After saving the certificate, scroll up to check that it has been added to the list. The list of SSL certificates should now include the one from Cloudflare that you uploaded. Now click “Install”.
- Paste the private key you obtained in the first step into the input field, then click “Install Certificate”.