How to set up Virtualmin to use Cloudflare

The goal is to have free SSL from Cloudflare. So I moved the DNS records to Cloudflare and it is showing me - Certificate is Active. When I go to the ‘Analytics’ tab it shows me traffic that is coming to the website. But when I enter the site https://www.zampadebattista.com I’m getting ‘Your connection is not private’. It looks like Virtualmin is using its own self-signed certificate that I didn’t set up. Do I need to change something in Virtualmin?

Thanks for your help

The issue you’re experiencing occurs because your server is presenting its self-signed certificate rather than the Cloudflare-issued certificate. To resolve this and ensure that your site works with Cloudflare’s SSL, follow these steps:

Step 1: Verify Cloudflare SSL Mode

Cloudflare offers several SSL modes. Set the appropriate mode for your setup:

  1. Log in to Cloudflare and go to your domain’s SSL/TLS settings.
  2. Ensure the SSL mode is set to Full or Full (Strict):
     • Full: Requires a valid SSL certificate (self-signed is acceptable) on your server.
     • Full (Strict): Requires a valid and trusted SSL certificate on your server.

Step 2: Update Virtualmin SSL Settings

You need to configure Virtualmin to work with Cloudflare SSL.

A. Disable the Self-Signed Certificate

  1. Log in to Virtualmin.
  2. Navigate to Server Configuration > SSL Certificate.
  3. Under the Current Certificate tab, confirm the presence of the self-signed certificate.
  4. If you don’t need the self-signed certificate, delete it by clicking the Delete Certificate button.

B. Use Cloudflare’s Origin Certificate (Optional)

If you want tighter security, you can generate a Cloudflare Origin Certificate to install on your server. Here’s how:

  1. In Cloudflare, go to SSL/TLS > Origin Server.
  2. Click Create Certificate and select a 15-year certificate.
  3. Download the certificate and private key.
  4. Upload these to Virtualmin:
     • Go to Server Configuration > SSL Certificate.
     • Under the Upload Certificate tab, upload the certificate and private key files from Cloudflare.
     • Save the changes.

Step 3: Redirect All Traffic to HTTPS

Ensure all traffic is redirected to HTTPS by adding a redirect rule:

A. Using .htaccess (for Apache)

If your website uses .htaccess:

# Redirect to HTTPS when X-Forwarded-Proto (set by the proxy in front) is not https
RewriteEngine On
RewriteCond %{HTTP:X-Forwarded-Proto} !https
RewriteRule ^(.*)$ https://%{HTTP_HOST}/$1 [R=301,L]

B. For NGINX

If you’re using NGINX:

# Redirect every plain-HTTP request on port 80 to the same URL over HTTPS
server {
    listen 80;
    server_name www.zampadebattista.com zampadebattista.com;

    return 301 https://$host$request_uri;
}

Step 4: Update DNS and Ensure Propagation

  • Ensure your Cloudflare DNS records (A, CNAME, etc.) are correctly set up.
  • If you’re using an A record, ensure it points to your server’s IP.
  • Wait for DNS propagation if you made recent changes.

Step 5: Test the Setup

  1. Visit your website using HTTPS: https://www.zampadebattista.com.
  2. Use SSL Labs to test your SSL configuration.

Step 6: Clear Cache

Cloudflare caches settings and files. If you made any changes, clear the cache:

  • Go to Caching in Cloudflare and click Purge Everything.

If the problem persists, let me know, and we can troubleshoot further!
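
To see which certificate the origin itself presents (the self-signed one from the question, or an uploaded one), the check below summarises a certificate's issuer type, hostname match and expiry. It is an added example, not part of the thread; it assumes the `openssl` CLI is installed, the function names are hypothetical, and the sample certificate for `www.example.test` is constructed on the spot.

```shell
#!/usr/bin/env bash
# Added example (not from the thread): summarise the certificate an origin presents.

# Live use (not run here): fetch the certificate straight from the origin,
# bypassing the Cloudflare proxy. The origin IP is a value you supply.
fetch_origin_cert() {   # $1 = origin IP, $2 = hostname sent via SNI
    openssl s_client -connect "$1:443" -servername "$2" </dev/null 2>/dev/null |
        openssl x509 -outform PEM
}

# Print three tokens for a PEM file: issuer type, hostname match, expiry.
cert_summary() {        # $1 = PEM file, $2 = hostname the site is served under
    local issuer subject kind host expiry
    issuer=$(openssl x509 -in "$1" -noout -issuer -nameopt RFC2253 | sed 's/^issuer= *//')
    subject=$(openssl x509 -in "$1" -noout -subject -nameopt RFC2253 | sed 's/^subject= *//')
    # Issuer equal to subject is the usual sign of a self-signed certificate.
    if [ "$issuer" = "$subject" ]; then kind=self-signed; else kind=ca-issued; fi
    if openssl x509 -in "$1" -noout -checkhost "$2" | grep -q 'does match'; then
        host=host-match
    else
        host=host-mismatch
    fi
    if openssl x509 -in "$1" -noout -checkend 0 >/dev/null; then
        expiry=not-expired
    else
        expiry=expired
    fi
    echo "$kind $host $expiry"
}

# Constructed sample: a throwaway self-signed certificate for www.example.test.
make_sample_cert() {    # $1 = output directory
    openssl req -x509 -newkey rsa:2048 -nodes -days 30 -subj "/CN=www.example.test" \
        -keyout "$1/key.pem" -out "$1/cert.pem" 2>/dev/null
}

demo() {
    local dir; dir=$(mktemp -d)
    make_sample_cert "$dir"
    cert_summary "$dir/cert.pem" www.example.test
    rm -rf "$dir"
}
demo
```

Going by the mode descriptions in Step 1, a `self-signed` result fits Full only, while Full (Strict) needs a trusted certificate such as the Origin Certificate from Step 2B.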