How to install cloudflare Origin CA ssl certificate on Ubuntu 22.04 (LTS) x64

Posted on June 1, 2023

How do I install a Cloudflare Origin CA SSL certificate on Ubuntu 22.04 (LTS) x64? Cloudflare gives only a key and a pem file.




Hi there,

You can download the Cloudflare CA certificate from here:

https://developers.cloudflare.com/ssl/origin-configuration/origin-ca/

The exact installation instructions would depend on whether you are using Nginx or Apache as your web server.

For example, with Nginx what you would need to do is:

  • Once you have both your certificate .pem file and the CA certificate, you can combine them into 1 file with this command:

cat your-pem-file.pem the-CA-certificate-file.crt > bundle.pem

Then you can use that bundle.pem file, which will contain both the SSL certificate and the CA certificate, and define it as normal in Nginx.

What I personally do is to install a free Let’s Encrypt SSL with certbot so that certbot does all of the Nginx server configuration like updating the server blocks and defining the certificates and the rest of the required SSL configuration. And then I manually update the path to the Cloudflare SSL certificates.

https://www.digitalocean.com/community/tutorials/how-to-secure-nginx-with-let-s-encrypt-on-ubuntu-20-04

However, if you prefer to manually do the configuration you could follow these steps, for example:

  • Upload the bundle certificate that you’ve just created and the private key to your server: You should securely upload the .pem file (your SSL certificate) and .key file (your private key) that Cloudflare provided to your server.

  • Place the certificate and key in a secure directory: A common location to place these is under /etc/ssl/certs/ for the .pem certificate file and /etc/ssl/private/ for the .key private key file. Remember to restrict access to these files using proper permissions. Usually, you can do this with these commands:

sudo mv /path/to/your/certificate.pem /etc/ssl/certs/
sudo mv /path/to/your/private.key /etc/ssl/private/
sudo chmod 644 /etc/ssl/certs/certificate.pem
sudo chmod 640 /etc/ssl/private/private.key

  • Replace /path/to/your/certificate.pem and /path/to/your/private.key with the actual paths to your certificate and key.

  • Configure Nginx to use the certificate: Now you should edit your Nginx configuration file to use the SSL certificate for the appropriate server block. Open your site’s configuration file with a text editor. It’s typically located at /etc/nginx/sites-available/yourdomain.com.

    Inside the server block for your site, you’ll want to include lines like these:

server {
    listen 443 ssl;
    server_name yourdomain.com;

    ssl_certificate /etc/ssl/certs/certificate.pem;
    ssl_certificate_key /etc/ssl/private/private.key;

    # ...
}

  • Replace yourdomain.com with your actual domain, and make sure the paths to the ssl_certificate and ssl_certificate_key match the locations where you placed your .pem and .key files.

  • Test the configuration: Run sudo nginx -t to test your configuration. If the configuration is correct, you’ll see a message saying configuration file /etc/nginx/nginx.conf test is successful. If you see any error messages, check your configuration file for any syntax errors and correct them.

  • Reload or restart Nginx: Once your configuration is correct, you should reload or restart Nginx to apply the changes. You can do this with the command sudo systemctl reload nginx or sudo systemctl restart nginx.

Hope that this helps!

Best,

Bobby
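
An added example (not part of the answer above, and not Cloudflare or DigitalOcean tooling): a pre-flight check to run before `nginx -t`, confirming that the private key is not readable by other users and that it belongs to the certificate being installed. The function names are this example's own, and it assumes GNU stat and the openssl CLI as found on Ubuntu.

```shell
#!/usr/bin/env bash
# Added example: pre-flight checks for a certificate/key pair before Nginx uses it.
# Function names are this example's own. Assumes GNU stat and the openssl CLI.

# True if the key file gives "other" no access and "group" at most read
# (e.g. 600, or the 640 used in the chmod step above).
key_mode_ok() {
    local mode
    mode=$(stat -c '%a' "$1") || return 2
    case "$mode" in
        [0-7][04]0) return 0 ;;
        *)          return 1 ;;
    esac
}

# Print a SHA-256 digest of the public key inside a certificate or private key.
# $1 = "cert" or "key", $2 = file. For a bundle, openssl reads the first (leaf) cert.
pubkey_hash() {
    local pub
    if [ "$1" = cert ]; then
        pub=$(openssl x509 -in "$2" -noout -pubkey 2>/dev/null) || return 1
    else
        pub=$(openssl pkey -in "$2" -pubout 2>/dev/null) || return 1
    fi
    printf '%s\n' "$pub" | openssl sha256
}

# True only if both files parse and carry the same public key.
cert_matches_key() {
    local c k
    c=$(pubkey_hash cert "$1") || return 2
    k=$(pubkey_hash key "$2") || return 2
    [ "$c" = "$k" ]
}

# $1 = certificate or bundle, $2 = private key (run as a user that can read it).
preflight() {
    key_mode_ok "$2" || { echo "key permissions too open: $2" >&2; return 1; }
    cert_matches_key "$1" "$2" || { echo "certificate and key do not match" >&2; return 1; }
    echo "ok: $1 matches $2"
}

# Example: sudo ./preflight.sh /etc/ssl/certs/certificate.pem /etc/ssl/private/private.key
if [ "$#" -eq 2 ]; then
    preflight "$1" "$2"
fi
```
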

And where is the problem? Copy and paste the two certificates into two files in one folder and change the path in your vhost from the certs of the actual SSL files to the two new files you created. Don’t forget to set the rights with chown / chmod.
