How To Enable HTTPS For An Nginx Website That Uses A CDN (CloudFlare)

This article is a continuation of the article How To Fix Nginx Redirect To Wrong Website Error When There Are Multiple WebSites. It explains how to enable HTTPS for the domain test-1.com, which uses CloudFlare’s CDN service.

1. Steps To Enable HTTPS For A Domain That Uses The CloudFlare CDN Service.

We will use the BT website panel to manage websites in this example. If you are not familiar with it, you can read the article How To Install BT VPS Control Panel And Restore WordPress Website Into It.

  1. First log in to the BT panel and select 网站 (websites) in the left panel.
  2. Then click the website name (test-1.com) in the websites list in the right panel.
  3. Click SSL in the left menu of the popup window.
  4. Click the Let’s Encrypt tab in the right panel.
  5. Check the checkbox in front of the website domain.
  6. Click the 申请 (Apply) button to apply for the SSL certificate.
  7. Because the domain test-1.com uses the CloudFlare CDN service, the apply process above fails.
  8. This is because, while issuing the certificate, the Let’s Encrypt CA requests files under the URL http://test-1.com/.well-known/acme-challenge/ to verify ownership of the domain.
  9. But CloudFlare changes every http:// request to an https:// request, so http://test-1.com/.well-known/acme-challenge/ becomes https://test-1.com/.well-known/acme-challenge/
  10. The domain test-1.com has not enabled HTTPS, but iphone-how-to.com has, so the request to https://test-1.com/.well-known/acme-challenge/ is routed to https://www.iphone-how-to.com, which is not correct. You can learn about this in the article How To Fix Nginx Redirect To Wrong Website Error When There Are Multiple WebSites.
  11. The Let’s Encrypt CA therefore cannot verify ownership of the domain, and the HTTPS apply process fails.
  12. The fix is easy: turn off Always Use HTTPS under CloudFlare -> SSL/TLS -> Edge Certificates.
  13. Now when the Let’s Encrypt CA connects to the URL http://test-1.com/.well-known/acme-challenge/, CloudFlare does not change the http:// protocol to https://.
  14. Nginx can then match the request to the website http://test-1.com, because it is a plain HTTP request rather than an HTTPS request, which is not yet enabled for test-1.com.
  15. Let’s Encrypt can now verify ownership of the domain, and you can enable HTTPS for test-1.com.
  16. After that, go back to CloudFlare and turn Always Use HTTPS back on under CloudFlare -> SSL/TLS -> Edge Certificates.
  17. Because the test-1.com website now supports HTTPS, select Full under CloudFlare -> SSL/TLS -> Overview -> Encryption Mode.
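
A way to check the condition described in steps 8 to 13 before clicking Apply, as an added example that is not part of the original article or of BT panel: it requests a probe file over plain HTTP without following redirects and reports whether the request was upgraded to HTTPS or answered by another site. The probe file name `preflight-test` and its content are hypothetical; the script assumes you created that file yourself in the site's `.well-known/acme-challenge/` directory.

```python
"""Pre-flight check for the Let's Encrypt HTTP-01 challenge URL (added example)."""
import http.client
import sys
from urllib.parse import urlsplit

CHALLENGE_DIR = "/.well-known/acme-challenge/"
REDIRECTS = (301, 302, 303, 307, 308)


def fetch_no_redirect(domain, token, timeout=10):
    """GET the challenge URL over plain HTTP and do not follow redirects."""
    conn = http.client.HTTPConnection(domain, 80, timeout=timeout)
    try:
        conn.request("GET", CHALLENGE_DIR + token)
        resp = conn.getresponse()
        body = resp.read(4096).decode("utf-8", "replace")
        return resp.status, resp.getheader("Location", ""), body
    finally:
        conn.close()


def diagnose(domain, status, location, body, expected):
    """Classify one response to http://<domain>/.well-known/acme-challenge/<token>."""
    if status in REDIRECTS:
        target = urlsplit(location)
        if target.scheme == "https":
            # The CDN (or origin) upgrades HTTP to HTTPS, as in step 9.
            return "redirected-to-https"
        if target.hostname and target.hostname.lower() != domain.lower():
            return "redirected-other-host"
        return "redirected"
    if status == 200 and body.strip() == expected.strip():
        # The probe file came back unchanged: the right site answered.
        return "ok"
    # Any other answer means a different site or an error page replied.
    return "unexpected-response"


if __name__ == "__main__":
    # Usage: python3 preflight.py test-1.com preflight-test "probe-content"
    # The file name and its content are hypothetical; create the file in the
    # site's .well-known/acme-challenge/ directory before running this.
    domain, token, expected = sys.argv[1:4]
    status, location, body = fetch_no_redirect(domain, token)
    verdict = diagnose(domain, status, location, body, expected)
    print(f"{domain}: HTTP {status} {location or '-'} -> {verdict}")
    sys.exit(0 if verdict == "ok" else 1)
```

A verdict of `redirected-to-https` means Always Use HTTPS (or another redirect rule) is still active, so the certificate request in step 6 would run into the problem described in steps 9 to 11.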