Question

How to install cloudflare Origin CA ssl certificate on Ubuntu 22.04 (LTS) x64

How to install cloudflare Origin CA ssl certificate on Ubuntu 22.04 (LTS) x64.Cloudflare give only key and pem file.


Submit an answer


This textbox defaults to using Markdown to format your answer.

You can type !ref in this text area to quickly search our full set of tutorials, documentation & marketplace offerings and insert the link!

Sign In or Sign Up to Answer

These answers are provided by our Community. If you find them useful, show some love by clicking the heart. If you run into issues leave a comment, or add your own answer to help others.

And where is the problem? Copy and paste the two certificates in two files in one folder and change the path in your vhost from the certs of the actually SSL Files to the new two files you created. Don’t forget to set the rights with chown / chmod.

Bobby Iliev
Site Moderator
Site Moderator badge
June 3, 2023

Hi there,

You can download the Cloudflare CA certificate from here:

https://developers.cloudflare.com/ssl/origin-configuration/origin-ca/

The exact installation instructions would depend on whether you are using Nginx or Apache as your web server.

For example, with Nginx what you would need to do is:

  • Once you have both your certificate .pem file and the CA certificate, you can combine them into 1 file with this command:
cat your-pem-file.pem the-CA-certificate-file.crt >> bundle.pem

Then you can use that bundle.crt file which will contain both the SSL certificate and the CA certificate and define it as normal in Nginx.

What I personally do is to install a free Let’s Encrypt SSL with certbot so that certbot does all of the Nginx server configuration like updating the server blocks and defining the certificates and the rest of the required SSL configuration. And then I manually update the path to the Cloudflare SSL certificates.

https://www.digitalocean.com/community/tutorials/how-to-secure-nginx-with-let-s-encrypt-on-ubuntu-20-04

However, if you prefer to manually do the configuration you could follow these steps, for example:

  • Upload the bundle certificate that you’ve just created and private key to your server: You should securely upload the .pem file (your SSL certificate) and .key file (your private key) that Cloudflare provided to your server.

  • Place the certificate and key in a secure directory: A common location to place these is under /etc/ssl/certs/ for the .pem certificate file and /etc/ssl/private/ for the .key private key file. Remember to restrict access to these files using proper permissions. Usually, you can do this with these commands:

sudo mv /path/to/your/certificate.pem /etc/ssl/certs/
sudo mv /path/to/your/private.key /etc/ssl/private/
sudo chmod 644 /etc/ssl/certs/certificate.pem
sudo chmod 640 /etc/ssl/private/private.key
  • Replace /path/to/your/certificate.pem and /path/to/your/private.key with the actual paths to your certificate and key.

  • Configure Nginx to use the certificate: Now you should edit your Nginx configuration file to use the SSL certificate for the appropriate server block. Open your site’s configuration file with a text editor. It’s typically located at /etc/nginx/sites-available/yourdomain.com.

    Inside the server block for your site, you’ll want to include lines like these:

server {
    listen 443 ssl;
    server_name yourdomain.com;

    ssl_certificate /etc/ssl/certs/certificate.pem;
    ssl_certificate_key /etc/ssl/private/private.key;

    # ...
}
  • Replace yourdomain.com with your actual domain, and make sure the paths to the ssl_certificate and ssl_certificate_key match the locations where you placed your .pem and .key files.

  • Test the configuration: Run sudo nginx -t to test your configuration. If the configuration is correct, you’ll see a message saying configuration file /etc/nginx/nginx.conf test is successful. If you see any error messages, check your configuration file for any syntax errors and correct them.

  • Reload or restart Nginx: Once your configuration is correct, you should reload or restart Nginx to apply the changes. You can do this with the command sudo systemctl reload nginx or sudo systemctl restart nginx.

Hope that this helps!

Best,

Bobby

Try DigitalOcean for free

Click below to sign up and get $200 of credit to try our products over 60 days!

Sign up

card icon
Get our biweekly newsletter

Sign up for Infrastructure as a Newsletter.

Sign up
card icon
Hollie's Hub for Good

Working on improving health and education, reducing inequality, and spurring economic growth? We’d like to help.

Learn more
card icon
Become a contributor

You get paid; we donate to tech nonprofits.

Learn more
Welcome to the developer cloud

DigitalOcean makes it simple to launch in the cloud and scale up as you grow – whether you’re running one virtual machine or ten thousand.

Learn more ->
DigitalOcean Cloud Control Panel
Get started for free

Enter your email to get $200 in credit for your first 60 days with DigitalOcean.

New accounts only. By submitting your email you agree to our Privacy Policy.

© 2023 DigitalOcean, LLC.