Sunday, August 29, 2021

Cloudflare proxied self-signed web server issues

There was a problem with one of our websites set up with a different domain, where another site was being served instead of the site configured in the relevantdomain.conf virtual host in Apache. The issue turned out to be due to the way we had set up Cloudflare proxying and SSL.

The Apache server had been set up with a self-signed certificate, Cloudflare was using Flexible SSL mode, and a page rule had been applied in Cloudflare for HTTP to HTTPS redirection. But the web server had been configured with the self-signed cert for another domain. Maybe this was the reason for Cloudflare to serve up the default.conf domain instead of relevantdomain.conf.
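
An added example, not from the original post: a simplified model of Apache's name-based virtual host selection, showing how a request for a domain with no matching vhost on a given port falls through to the first vhost loaded for that port. The hostnames and config contents are constructed placeholders, and only `*:port` vhosts with ServerName/ServerAlias (including wildcards) are modelled.

```python
import re
from fnmatch import fnmatch

# Constructed sample config (not from the post): file names follow the post,
# hostnames are placeholders. Files are listed in the order Apache loads them.
SAMPLE_CONFIGS = [
    ("default.conf", """
<VirtualHost *:80>
    ServerName default.example
</VirtualHost>
<VirtualHost *:443>
    ServerName default.example
    SSLEngine on
</VirtualHost>
"""),
    ("relevantdomain.conf", """
<VirtualHost *:80>
    ServerName relevantdomain.example
    ServerAlias www.relevantdomain.example
</VirtualHost>
"""),
]

VHOST_RE = re.compile(r"<VirtualHost\s+\S*:(\d+)>(.*?)</VirtualHost>", re.S | re.I)
NAME_RE = re.compile(r"^\s*Server(?:Name|Alias)\s+(.+)$", re.M | re.I)

def parse_vhosts(configs):
    """Return [(file, port, [names])] in load order."""
    vhosts = []
    for fname, text in configs:
        for port, body in VHOST_RE.findall(text):
            names = [n.lower() for m in NAME_RE.finditer(body) for n in m.group(1).split()]
            vhosts.append((fname, int(port), names))
    return vhosts

def serving_vhost(vhosts, host, port):
    """Name-based selection: the first vhost on the port whose name matches,
    otherwise the first vhost defined for that port (the default).
    Returns (config file, matched_by_name)."""
    on_port = [v for v in vhosts if v[1] == port]
    for fname, _, names in on_port:
        if any(fnmatch(host.lower(), n) for n in names):
            return fname, True
    return (on_port[0][0], False) if on_port else (None, False)

if __name__ == "__main__":
    vhosts = parse_vhosts(SAMPLE_CONFIGS)
    for port in (80, 443):
        print(port, serving_vhost(vhosts, "relevantdomain.example", port))
```

On a live server, `apachectl -S` prints the vhost table Apache actually built, which is the authoritative version of this lookup.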

Anyway, tidying up by using
certbot-auto --apache
and installing Let's Encrypt certificates for all the domains on that server fixed the issue. The usual caution: when doing automatic HTTP validation, turning Cloudflare proxying off may be required. But for renewing the domains, this doesn't seem to be necessary, as tested with
certbot-auto renew --dry-run

Later, set up automatic renewal with the following cron entry:
45 2 * * 6 cd /etc/letsencrypt/ && ./certbot-auto renew && /etc/init.d/apache2 restart
