How to issue a Cloudflare Origin Server Ceritificate

hello guys.
i want to use cloudflare origin server ssl.
on the cyberpanel there is only two inputs for ssl (Paste Your Cert, Paste Your Key).
how can i deploy origin ca certificate for cloudflare on cyberpanel?
can you help me please?

Welcome @fatihcr Happy New Year

Did you follow the instructions here Origin CA certificates · Cloudflare SSL/TLS docs

Step 10 clearly states:

Copy the signed Origin Certificate and Private Key into separate files.

With these go to https://SERVER_URL:8090/websites/mywebsiteforcf.com

Click on Add SSL and add Origin Certificate on the left and Private Key on the right

KOZMAR.NET HAS SSL FROM CLOUDFLARE, INC…

Your SSL will expire in 5474 days.

now i see this on my panel.
i choose strict on cloudflare ssl section.

but its not working something wrong.

i get this error
ERR_SSL_VERSION_OR_CIPHER_MISMATCH

For ssl mode choosing Full (strict) will not work with cyberpanel Origin CA certificates · Cloudflare SSL/TLS docs

See this CyberPanel + Cloudflare proxy trick - #4 by tmoore

@josephgodwinke i changed the cyberpanel port.
how can i manually change the hostname cert file?

​​4. (required for some) Add Cloudflare Origin CA root certificates

Some origin web servers require upload of the Cloudflare Origin CA root certificate. Click a link below to download either an RSA and ECC version of the Cloudflare Origin CA root certificate:

  • [Cloudflare Origin ECC PEM] (do not use with Apache cPanel)
  • [Cloudflare Origin RSA PEM]

i need to do this right?

you mean edge certificate?

You tried this How to issue a Cloudflare Origin Server Ceritificate - #2 by josephgodwinke and it did not work for you ?


I did everything in the instructions correctly, but as seen in the screenshot, the certificate appears as google trusted instead of cloudflare.

I am trying to set it like cyberpanel.net ssl certificate.
example:


should i disable edge certificate in cloudflare ssl settings?

Thank you for the help.

You have an universal edge certificate ?

For the primary domain or just another domain in your server ?

yes its made by cloudflare automatically when i locate my web site to cloudflare.
ssl doesnt work when i disable it.
no any other domain in my server. i have only kozmar.net

It seems your domain already has an issued ssl certificate.

OR

this is the custom ssl certificate you used for an Edge Certificate ?

You can remove this certificate

rm -f /etc/letsencrypt/live/kozmar.net/privkey.pem && rm -f /etc/letsencrypt/live/kozmar.net/fullchain.pem

Origin certificates are encrypt traffic between Cloudflare and your origin web server and reduce origin bandwidth consumption these are the certificates that you can use with strict ssl mode (not recommended with cyberpanel)

Edge certificates are provided by Cloudflare and shown to your visitors. They will encrypt traffic between your visitors and Cloudflare (this is more important) surely this is what you need