How to install Cloudflare Origin certificate on Hostinger
14th March 2019Introduction
In a previous article we were having redirect loops and 525 problems after a few months,despite the fact our Let’s Encrypt certificate was being renewed correctly with the help of a Cron job.Also the server resources were spiking extremely high,something that is related with the inability of Cloudflare to communicate at times with Let’s Encrypt CA.
The solution was to ditch the Let’s Encrypt certificate and install a cloudflare origin certificate.The only downside is that if we later decide to get the website out of cloudflare it will appear as not secure because cloudflare origin CA is treated by browsers like a self signed CA.
In my case though Hostinger does not support out of the box Let’s Encrypt CA installation so an end-to-end encryption with Cloudflare is the best option.
Hostinger Dashboard
First revoke the existing let’s encrypt certificate,bypass this step if there is no CA on the server.For this step access to the host’s cli is needed:
php bin/acme revoke --name example.com --server letsencryptand delete the certificate from Hostinger Cpanel by going to Advanced -> SSL -> Actions -> Disable.
Also delete cron jobs related to the certificate by going to Advanced -> Cron jobs.
Cloudflare Dashboard
Then on Cloudflare Dashboard go to Crypto tab and scroll down to Origin Certificates and select Create Certificate:
On the first page of the wizard the defaults will be fine,the hostnames indicated are the ones already stated on cloudflare.
On the next page Cloudflare generates an origin certificate and a private key,copy them both into two separate txt files because after pressing OK the certs will not be available again.
Back to Hostinger
Now go back to Hostinger Cpanel dashboard on the ssl tab, and on the custom ssl tab select your site,paste the certificate and the private key already saved in the txt files into the appropriate boxes.
There is one last input box called CERTIFICATE AUTHORITY BUNDLE (CABUNDLE), here we need to input the root certificate of Cloudflare which we can find here. For Hostinger we need the RSA cert.
Paste the root certificate,press install and after a while we will see a cloudflare cert active on the installed SSL info box.
Back on Cloudflare
After the installation we must go back to the Cloudflare dashboard and change on the Crypto tab our SSL to full(strict).
THANK YOU SO MUCH LOVE YOU BROTHER I COULDN’T FIGURE THIS OUT FOR LIKE 3 HOURS AND YOUR TUTORIAL HELPED ME SO MUCH. I DIDN’T KNOW WHERE TO GET THE CA BUNDLE LMAO. 💚
Thanks so much for clearing up the CA Bundle part, I love you 💚💚🐍🐍
Peace and love brother!
Thanks Man! It helped a lot.
I purchased domain from Namecheap and using hostinger hosting. When I am adding site in cloudflare its saying to update name server to namecheap. While I have updated name server of hostinger in namecheap. Then what to do?
You should change the nameserver in namecheap where you have your domain if i understood correctly.