How to install Cloudflare Origin certificate on Hostinger14th March 2019
In a previous article we were having redirect loops and 525 problems after a few months,despite the fact our Let’s Encrypt certificate was being renewed correctly with the help of a Cron job.Also the server resources were spiking extremely high,something that is related with the inability of Cloudflare to communicate at times with Let’s Encrypt CA.
The solution was to ditch the Let’s Encrypt certificate and install a cloudflare origin certificate.The only downside is that if we later decide to get the website out of cloudflare it will appear as not secure because cloudflare origin CA is treated by browsers like a self signed CA.
In my case though Hostinger does not support out of the box Let’s Encrypt CA installation so an end-to-end encryption with Cloudflare is the best option.
First revoke the existing let’s encrypt certificate,bypass this step if there is no CA on the server.For this step access to the host’s cli is needed:
php bin/acme revoke --name example.com --server letsencrypt
and delete the certificate from Hostinger Cpanel by going to Advanced -> SSL -> Actions -> Disable.
Also delete cron jobs related to the certificate by going to Advanced -> Cron jobs.
Then on Cloudflare Dashboard go to Crypto tab and scroll down to Origin Certificates and select Create Certificate:
On the first page of the wizard the defaults will be fine,the hostnames indicated are the ones already stated on cloudflare.
On the next page Cloudflare generates an origin certificate and a private key,copy them both into two separate txt files because after pressing OK the certs will not be available again.
Back to Hostinger
Now go back to Hostinger Cpanel dashboard on the ssl tab, and on the custom ssl tab select your site,paste the certificate and the private key already saved in the txt files into the appropriate boxes.
There is one last input box called CERTIFICATE AUTHORITY BUNDLE (CABUNDLE), here we need to input the root certificate of Cloudflare which we can find here. For Hostinger we need the RSA cert.
Paste the root certificate,press install and after a while we will see a cloudflare cert active on the installed SSL info box.
Back on Cloudflare
After the installation we must go back to the Cloudflare dashboard and change on the Crypto tab our SSL to full(strict).