Setting up your cPanel website with Cloudflare SSL

and published
install cloudflare ssl in cpanel

In this tutorial, we will cover the necessary steps to establishing a secure connection between Cloudflare and your cPanel hosting account. This guide does not cover how to enforce SSL with Cloudflare, updating your WordPress Site Address URL or fixing mixed content issues.

How to create a Cloudflare SSL Certificate for cPanel

  1. Login to Cloudflare
  2. Select your site using the dropdown menu found in the upper left corner
  3. Click the Crypto icon at the top of the screen
  4. Scroll down a little until you get to the Origin Certificates
  5. Click Create Certificate
  6. The options here you want are:
    1. Let Cloudflare generate a private key and a CSR
    2. Private key type: RSA
    3. Hostnames should be:
      • *.example.com
      • example.com
    4. Certificate Validity: 15 years or shorter if you like
    5. Click next
  7. Cloudflare should have now generated your private key and server-side SSL certificate (Origin Certificate) Ensure the key format is set to PEM (Default)
    1. Copy the Origin Certificate to notepad, you will need this in a moment
    2. Copy the private key to notepad, you will need this in just a moment
    3. Web Server for installation should be set Apache httpd
  8. Now proceed to the next panel to install what you just created by Cloudflare in cPanel

How to install your Cloudflare SSL Certificate in cPanel

Please note that these cPanel directions are made using the ‘basic’ theme style and not the ‘retro’, switching the style will allow you to follow these steps easier.

  1. Login to cPanel
  2. Scroll down to the security section and click SSL/TLS
  3. Private Keys (KEY)
    1. Click the hyperlink: Generate, view, upload, or delete your private keys
    2. Scroll down and past Generate a New Private Key until you reach Upload a New Private Key
    3. Refer to your notepad document that you made earlier, copy the private key and paste it underneath “Paste the key into the following text box”
    4. Adding a description below can help you identify this SSL install later on
    5. Click Save
    6. Scroll to the bottom of the page and click Return to the SSL manager
  4. Certificates (CRT)
    1. Click the hyperlink: Generate, view, upload, or delete SSL certificates
    2. Scroll down to Upload a New Certificate and once again refer to your notepad document and this time copy and paste the Origin Certificate into the box below “Paste the certificate into the following text box”
    3. Add a description if you like to help identify this install, esepically if you know that you have previous used other SSL certs in the past
    4. Click Save Certificate
    5. Scroll to the bottom of the page and click Return to the SSL manager
  5. Install and Manage SSL for your site (HTTPS)
    1. Click the hyperlink Manage SSL sites
    2. Scroll down until you find “Install an SSL Website”
    3. Click Browse Certificates and radio check the one that you uploaded a few moments ago and then click use Certificate
    4. You may get a warning “The certificate does not match your selected domain.” But don’t worry, the next step will resolve this issue
    5. In the dropdown select list, choose your domain which will look something like example.com (www.example.com), the error warning message in the previous step should now disappear
    6. You should now notice that the box underneath Certificate Authority Bundle: (CABUNDLE) is blank, for this you need to add the Cloudflare Origin CA – RSA Root Certificate. You can find the CA Bundle below.
      -----BEGIN CERTIFICATE-----
      MIID/DCCAuagAwIBAgIID+rOSdTGfGcwCwYJKoZIhvcNAQELMIGLMQswCQYDVQQG
      EwJVUzEZMBcGA1UEChMQQ2xvdWRGbGFyZSwgSW5jLjE0MDIGA1UECxMrQ2xvdWRG
      bGFyZSBPcmlnaW4gU1NMIENlcnRpZmljYXRlIEF1dGhvcml0eTEWMBQGA1UEBxMN
      U2FuIEZyYW5jaXNjbzETMBEGA1UECBMKQ2FsaWZvcm5pYTAeFw0xNDExMTMyMDM4
      NTBaFw0xOTExMTQwMTQzNTBaMIGLMQswCQYDVQQGEwJVUzEZMBcGA1UEChMQQ2xv
      dWRGbGFyZSwgSW5jLjE0MDIGA1UECxMrQ2xvdWRGbGFyZSBPcmlnaW4gU1NMIENl
      cnRpZmljYXRlIEF1dGhvcml0eTEWMBQGA1UEBxMNU2FuIEZyYW5jaXNjbzETMBEG
      A1UECBMKQ2FsaWZvcm5pYTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEB
      AMBIlWf1KEKR5hbB75OYrAcUXobpD/AxvSYRXr91mbRu+lqE7YbyyRUShQh15lem
      ef+umeEtPZoLFLhcLyczJxOhI+siLGDQm/a/UDkWvAXYa5DZ+pHU5ct5nZ8pGzqJ
      p8G1Hy5RMVYDXZT9F6EaHjMG0OOffH6Ih25TtgfyyrjXycwDH0u6GXt+G/rywcqz
      /9W4Aki3XNQMUHNQAtBLEEIYHMkyTYJxuL2tXO6ID5cCsoWw8meHufTeZW2DyUpl
      yP3AHt4149RQSyWZMJ6AyntL9d8Xhfpxd9rJkh9Kge2iV9rQTFuE1rRT5s7OSJcK
      xUsklgHcGHYMcNfNMilNHb8CAwEAAaNmMGQwDgYDVR0PAQH/BAQDAgAGMBIGA1Ud
      EwEB/wQIMAYBAf8CAQIwHQYDVR0OBBYEFCToU1ddfDRAh6nrlNu64RZ4/CmkMB8G
      A1UdIwQYMBaAFCToU1ddfDRAh6nrlNu64RZ4/CmkMAsGCSqGSIb3DQEBCwOCAQEA
      cQDBVAoRrhhsGegsSFsv1w8v27zzHKaJNv6ffLGIRvXK8VKKK0gKXh2zQtN9SnaD
      gYNe7Pr4C3I8ooYKRJJWLsmEHdGdnYYmj0OJfGrfQf6MLIc/11bQhLepZTxdhFYh
      QGgDl6gRmb8aDwk7Q92BPvek5nMzaWlP82ixavvYI+okoSY8pwdcVKobx6rWzMWz
      ZEC9M6H3F0dDYE23XcCFIdgNSAmmGyXPBstOe0aAJXwJTxOEPn36VWr0PKIQJy5Y
      4o1wpMpqCOIwWc8J9REV/REzN6Z1LXImdUgXIXOwrz56gKUJzPejtBQyIGj0mveX
      Fu6q54beR89jDc+oABmOgg==
      -----END CERTIFICATE-----

    7. Make sure the checkbox Enable SNI for Mail Services is checked, this option is important for sites that use contact forms or other web design assets that use the sendmail feature.
    8. Finally click install and congratulations, you have now installed you Cloudflare SSL TLS cert to cPanel and the connection between your hosting package and Cloudare is now encrypted.

Leave a Reply

XHTML: You can use these tags: <a href="" title=""> <abbr title=""> <acronym title=""> <b> <blockquote cite=""> <cite> <code> <del datetime=""> <em> <i> <q cite=""> <s> <strike> <strong>

10 Responses to “Setting up your cPanel website with Cloudflare SSL”

  1. Abdulwahab Suleiman

    Hi, thanks very much for this article.

    I came across your post last week and implemented the above steps on my blog but after two days of applying my flexible SSL certificate was still pending. I contacted their support and they explained the delay wasn’t from their own end. I later came across another article on Let’s Encrypt free SSL. I implemented the steps and it was like magic. Check my blog Hi, thanks very much for this article.

    The let’s encrypt SSL is active though will have to renew it every 3months.

    Thanks again for the great piece.

    Reply
    • I’d rather use Cloudflares personally, because it doesn’t expire for many years! and is just as secure. If you had problems then its like a temporary issue with Cloudflare or your server, because millions of sites use Cloudflare SSL without issues as you have described.

      Reply
  2. Thanks for sharing, now I can also secure my websites.

    Reply
  3. Hi there.

    Today, I decided to try Cloudflare SSL for one of my websites. I was a bit confused as I haven’t done this before. Then I found your tutorial and I did it within 10 min and everything works like a charm. Great step-by-step explanation! Very useful and just wanted to say thanks. Thumbs Up!

    Cheers,

    Dave

    Reply
  4. Thanks for explaining the whole process in easiest way possible. But, it didn’t worked for me. after implementing the whole process, when I tried to install WordPress from cPanel and selected the “https” option. It gives me an error: A trusted SSL Certificate was not found, I tried to use this on my installed WordPress. It’s giving me error in chrome. 🙁

    Reply
    • Sounds like you already have a certification installed (a self cert), in cPanel and within manage SSL can you see two installs? if so, click primary on the Cloudflare one. If you don’t see two… then its possibly because you haven’t waited long enough for the changes to place. When adding SSL, it can take between 10-30mins for the settings to take place. Also ensure that you have ‘FULL STRICT’ in the Crypto TAB on Cloudflare.

      Reply
      • Thanks Simon,
        I just checked, Cloudflare also mentioned that “SSL certificate issuance may take up to 24 hours.”
        do you think this is the main reason? I checked right after installing the certificate? I’ve done selecting the certificate from Manage.

        Reply
  5. I found this blog and followed the above steps but after everything what happens is my site redirects to /cgi/default what could be causing this issue when the ssl is showing up?

    Reply
    • Hi Peter, redirects are generally associated with the content management system, htaccess, virtual host or DNS, so its likely one of those that is affecting the install and not the SSL cert.

      I have taken a look at the domain question and I can see that the SSL is installed correctly (see image below) and not redirecting, so I assume that you corrected the issue.

      SSL Cloudflare test results

      However I did notice that your SSL is being blocked by mixed content, which appears to be various logos and payment icons. You should ensure that every resource is loaded over HTTPS otherwise some browsers will warn your visitors or customers that the page is unsecure, or worse unsafe.

      Reply