How To Enable HTTPS For An Nginx Website That Uses A CDN (Cloudflare)

This article continues the article How To Fix Nginx Redirect To Wrong Website Error When There Are Multiple WebSites. It explains how to enable HTTPS for the domain test-1.com, which uses Cloudflare’s CDN service.

1. Steps To Enable HTTPS For A Domain That Uses The Cloudflare CDN Service.

We will use the BT website panel to manage websites in this example. If you are not familiar with it, you can read the article How To Install BT VPS Control Panel And Restore WordPress Website Into It.

  1. First log in to the BT panel and select 网站 (websites) in the left panel.
  2. Then click the website name (test-1.com) in the websites list in the right panel.
  3. Click SSL in the left menu of the popup window.
  4. Click the Let’s Encrypt tab in the right panel.
  5. Check the checkbox in front of the website domain.
  6. Click the 申请 (Apply) button to apply for the SSL certificate.
  7. Because the domain test-1.com uses the Cloudflare CDN service, you will find that the above application fails.
  8. This is because, while processing the application, the Let’s Encrypt CA requests files under the URL http://test-1.com/.well-known/acme-challenge/ to verify ownership of the domain's website.
  9. But Cloudflare changes every http:// request to an https:// request, so http://test-1.com/.well-known/acme-challenge/ becomes https://test-1.com/.well-known/acme-challenge/.
  10. The domain test-1.com has not enabled HTTPS, but iphone-how-to.com has, so the request to https://test-1.com/.well-known/acme-challenge/ is routed to https://www.iphone-how-to.com for processing, which is not correct. You can learn about this in the article How To Fix Nginx Redirect To Wrong Website Error When There Are Multiple WebSites.
  11. As a result, the Let’s Encrypt CA cannot verify ownership of the domain, and the SSL certificate application fails.

2. How To Fix The SSL Certificate Application Failure.

  1. Fixing this issue is very easy: turn off Always Use HTTPS in the Cloudflare -> SSL/TLS -> Edge Certificates section.
  2. You also need to change the SSL/TLS encryption mode to Off (not secure) by selecting the Off (not secure) radio button in the Cloudflare -> SSL/TLS -> Overview section.
  3. Now when the Let’s Encrypt CA connects to the URL http://test-1.com/.well-known/acme-challenge/, Cloudflare does not change the http:// protocol to https://.
  4. The Nginx server can then match the request to the website http://test-1.com, because the request arrives as plain HTTP rather than HTTPS, which is not enabled for the domain test-1.com.
  5. The Let’s Encrypt CA can now verify ownership of the requested domain, so you can enable HTTPS for test-1.com.
  6. After that, go back to Cloudflare and turn on Always Use HTTPS in the Cloudflare -> SSL/TLS -> Edge Certificates section.
  7. Because the test-1.com website now supports HTTPS, you should select Full in the Cloudflare -> SSL/TLS -> Overview -> Encryption Mode section.
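
The failure in section 1 and the fix in section 2 can be traced with a small model. This is an added example, not code from the original article: it assumes a simplified Cloudflare edge (a redirect when Always Use HTTPS is on, and Full mode, assumed to be the setting before the fix, reusing the visitor's scheme toward the origin) and Nginx's rule of falling back to the first server block on a port. The server lists and all function names are constructed.

```python
from dataclasses import dataclass

@dataclass
class Edge:
    """Simplified model (an assumption) of the two Cloudflare settings in the article."""
    always_use_https: bool
    mode: str  # "off" or "full", the two encryption modes the article uses

# Constructed origin: Nginx server blocks in config order as (listen port, server_name).
# Only iphone-how-to.com has a 443 block, as in the article's starting state.
BEFORE = [(80, "iphone-how-to.com"), (443, "iphone-how-to.com"), (80, "test-1.com")]
AFTER = BEFORE + [(443, "test-1.com")]  # once the certificate is issued and installed

def nginx_select(servers, port, host):
    """Return the server_name that handles the request: an exact match if one
    exists, otherwise the default for the port (the first block listening on it)."""
    names = [name for p, name in servers if p == port]
    if not names:
        return None  # nothing listens on this port
    return host if host in names else names[0]

def trace_http01(edge, servers, host):
    """Follow the CA's HTTP-01 request for `host` through the edge to the origin."""
    scheme = "http"  # HTTP-01 validation always starts over plain HTTP
    if edge.always_use_https and edge.mode != "off":
        scheme = "https"  # the edge answers with a redirect, which the CA follows
    # In Full mode the edge reuses the visitor's scheme; in Off it stays on HTTP.
    origin_port = 443 if (edge.mode == "full" and scheme == "https") else 80
    served_by = nginx_select(servers, origin_port, host)
    return {"origin_port": origin_port, "served_by": served_by,
            "validates": served_by == host}

if __name__ == "__main__":
    cases = [
        ("before fix", Edge(True, "full"), BEFORE),
        ("during issuance", Edge(False, "off"), BEFORE),
        ("after issuance", Edge(True, "full"), AFTER),
    ]
    for label, edge, servers in cases:
        print(label, trace_http01(edge, servers, "test-1.com"))
```

The "after issuance" case shows why steps 6 and 7 are safe to apply again: once test-1.com has its own 443 server block, HTTPS requests no longer fall through to the default site.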
