Cloudflare SSL full strict mode

Copy Cert and Key
Cloudflare – Origin Server – Create Certificate
Copy certificate key(site.pem) and private key (site.key) to origin server (web server)
/etc/cloudflare/site.ca.pem
/etc/cloudflare/site.ca.key

Configure Apache
$sudo a2enmod ssl
$sudo vi /etc/apache2/sites-available/site.ca.conf

ServerAdmin [email protected]
ServerName site.ca
ServerAlias www.site.ca
DocumentRoot /var/www/html
ErrorLog ${APACHE_LOG_DIR}/error.log
CustomLog ${APACHE_LOG_DIR}/access.log combined

RewriteEngine on
RewriteCond %{SERVER_NAME} =site.ca [OR]
RewriteCond %{SERVER_NAME} =www.site.ca
RewriteRule ^ https://%{SERVER_NAME}%{REQUEST_URI} [END,NE,R=permanent]

ServerAdmin [email protected]
ServerName site.ca
ServerAlias www.site.ca
DocumentRoot /var/www/html
ErrorLog ${APACHE_LOG_DIR}/error.log
CustomLog ${APACHE_LOG_DIR}/access.log combined

SSLEngine on
SSLCertificateFile /etc/cloudflare/site.ca.pem
SSLCertificateKeyFile /etc/cloudflare/site.ca.key

$sudo apachectl configtest
$sudo systemctl restart apache2
$sudo a2ensite /etc/apache2/sites-available/site.ca.conf
$sudo a2enmod rewrite
$sudo systemctl restart apache2

Enable SSL Full strict mode on Cloudflare
Cloudflare – SSL/TLS – Full(strict)

Leave a Reply

Your email address will not be published. Required fields are marked *