Cloudflare SSL certificate fails to get activated

Issues
,
1

I’ve tried multiple things here, starting with the tutorial from the Custom Domains & SSL page on the docs.

I was wondering about the intermediate certificate since I’ve never used that yet in a web server environment but I figured this would be the CA root certificate. Here I’ve tried two things you can find when searching for the root certificate of the Cloudflare CA.

Using the RSA certificate from https://support.cloudflare.com/hc/en-us/articles/115000479507-Managing-Cloudflare-Origin-CA-certificates let’s me pass my certificate and my key but errors just a few seconds later with

2021-02-23T14:19:45Z - info - -----------------------
2021-02-23T14:19:45Z - info - UploadSsl job started
2021-02-23T14:19:45Z - info - Running job 'uploadSsl' on xdn-build-lambda v2.46.7
2021-02-23T14:19:46Z - error - UploadSsl job failed [unexpected]: Request to /tls/certificates failed with 400: chain does not go to root

Trying the same with the root certificate from https://developers.cloudflare.com/cloudflare-one/connections/connect-devices/warp/install-cloudflare-cert gave me a 500 on the /graphql endpoint, so I’m guessing that’s just not the correct certificate I’m searching for - I figured I’d still state it here so you guys could potentially fix that.

And now I’m wondering how to get my site up and running behind Cloudflare, since I need to keep the SSL settings there at “Flexible” and none of my steps I tried today got me to a point where the dashboard accepted the certificates.

I’d love to see this followed up as soon as possible since I want to continue figuring out how to migrate my current app to a XDN-compliant and fully functional one.

Cheers, ~ rxsto

2

Hi rxsto,

Thanks for calling this out!

I’ve been able to replicate the issue with Cloudflare certs and am digging into it. I’ve pulled the CA’s from Cloudflare directly as well.

Let me work through this later today or tomorrow, get to the bottom of what the issue is & get back to you.

Thanks!

1 Like
3

We’ve created an internal ticket to track this under XDN-9048.

1 Like
4

Hi rxsto,

Thanks for your patience on this!
The core issue here is that Cloudflare has moved to a bit of a non-industry standard approach to certs. Here’s their blog post talking about the change & why they made it: CloudFlare Origin CA

At this point we don’t have plans to support Cloudflare’s certificate model, though that may change in the future. With that being said, if you give us a few more days, we’re about to release a new feature around certs where you can generate certs for XDN that will be recognized by the browsers as well as Cloudflare or any other 3rd party.

Thanks again for posting this rxsto!

Cheers,
Michael

1 Like
5

Hey,

just to quickly follow up on this thread, I’ve been able to successfully use Cloudflare DNS in combination with your new automatic SSL generation feature. It’s definitely a great one, easy to use and set up in just a few minutes!

Once again, thanks for such a great platform! Keep pumping out these awesome features!

Cheers, ~ rxsto

6

Great to hear. Thanks for the feedback!

1 Like