Copy Cert and Key
Cloudflare – Origin Server – Create Certificate
Copy certificate key(site.pem) and private key (site.key) to origin server (web server)
/etc/cloudflare/site.ca.pem
/etc/cloudflare/site.ca.key
Configure Apache
$sudo a2enmod ssl
$sudo vi /etc/apache2/sites-available/site.ca.conf
ServerAdmin admin@site.ca ServerName site.ca ServerAlias www.site.ca DocumentRoot /var/www/html ErrorLog ${APACHE_LOG_DIR}/error.log CustomLog ${APACHE_LOG_DIR}/access.log combined RewriteEngine on RewriteCond %{SERVER_NAME} =site.ca [OR] RewriteCond %{SERVER_NAME} =www.site.ca RewriteRule ^ https://%{SERVER_NAME}%{REQUEST_URI} [END,NE,R=permanent] ServerAdmin admin@site.ca ServerName site.ca ServerAlias www.site.ca DocumentRoot /var/www/html ErrorLog ${APACHE_LOG_DIR}/error.log CustomLog ${APACHE_LOG_DIR}/access.log combined SSLEngine on SSLCertificateFile /etc/cloudflare/site.ca.pem SSLCertificateKeyFile /etc/cloudflare/site.ca.key
$sudo apachectl configtest
$sudo systemctl restart apache2
$sudo a2ensite /etc/apache2/sites-available/site.ca.conf
$sudo a2enmod rewrite
$sudo systemctl restart apache2
Enable SSL Full strict mode on Cloudflare
Cloudflare – SSL/TLS – Full(strict)