1) Log in to your Cloudflare system, select your domain. Click on the SSL/TLS icon -> Pick Origin Server tab -> Click Create button:
2) Settings should be the following:
– Generate private key and CSR with Cloudflare;
– Make sure your domain is indicated in Hostnames;
– Certificate Validity 15 years (Optional).
Click Create button:
3) Copy-paste Origin Certificate and Private Key. You will need this information to install SSL on your server. The Key format should be PEM:
4) You will also need CA Bundle to establish the full chain of trust. You can download page. You will see two options there:on this
– Cloudflare Origin ECC PEM (do not use with Apache cPanel)
– Cloudflare Origin RSA PEM <- THIS IS THE ONE YOU NEED TO DOWNLOAD
As a result, you will have 3 pieces of SSL:
1) Private Key;
2) Certificate or CRT (Origin Certificate);
3) Certificate Authority Bundle or CABUNDLE (Cloudflare Origin RSA PEM).
The SSL installation on cPanel takes place according to this tutorial.
For SSL to work correctly, you will need to make sure that your domain’s type A record is Proxied on your Cloudflare DNS zone:
Also, you will need to enable Full (strict) SSL/TLS encryption in Cloudflare SSL/TLS -> Overview section:
That’s it! Congrats on installing Cloudflare SSL for your domain: