Set up an SSL certificate for a domain or subdomain managed by CloudFlare

Did you add a custom domain managed by CloudFlare to JotUrl (find out how to do it here) and want to install an SSL certificate?

First of all you need to install an SSL certificate on CloudFlare:

1. Log in to your CloudFlare account.

2. Click on your domain name.

3. On the domain Details page, click on SSL/TLS:

4. The Crypto settings page will open
5. On the SSL section select Full on the right, please click on Help for details
6. Scroll down the page to the Origin Certificates section and click on Create certificate, please click on Help for details
7. A configuration dialog will appear
8. select Let Cloudflare generate a private key and a CSR
9. if you want to configure a domain (e.g., example.com), enter in List the hostnames your domain (example.com). If you also want to configure the www. subdomain, please enter it in the list (www.example.com).
10. Alternatively to step 9, if you want to configure a subdomain/third-level domain (e.g., go.example.com), enter the full subdomain/third-level domain in List the hostnames.
11. WARNING: enter only the hostnames corresponding to the custom domain in JotUrl, all certificates containing domains other domains will be discarded. Examples:
    • mycustomdomain.com → correct
    • mycustomdomain.com, www.mycustomdomain.com → correct
    • go.mycustomdomain.com → correct
    • www.mycustomdomain.com → wrong
    • mycustomdomain.com, www.mycustomdomain.com, *.mycustomdomain.com → wrong
    • mycustomdomain.com, www.mycustomdomain.com, anotherdomain.com → wrong
    • go.mycustomdomain.com, www.mycustomdomain.com → wrong
    • go.mycustomdomain.com, anotherdomain.com → wrong
12. leave the Certificate Validity unchanged (it should be 15 years).
13. Click on Next.
14. Select PEM in the Key Format.
15. Copy the signed Origin Certificate and Private key details into separate files (for example certificate.txt and private.txt, respectively). Don't forget to copy the headers, the files must be in the form:

    ----- BEGIN CERTIFICATE -----
    ...
    ----- END CERTIFICATE -----

16. Click here to download the Cloudflare Origin CA root certificate
17. Now that you have the private key, the certificate and the CA root certificate, navigate to SSL certificates on JotUrl.
18. Click on Add new certificate/domain association in the upper right corner, a dialog will appear
19. select your domain/subdomain in Domain associated with the certificate
20. check I have the private key file, the cert file, root and intermediates certificates (PEM)
21. upload your private key (private.txt) in Private key (PEM), your certificate (certificate.txt) in Certificate (PEM) and your CA root certificate (ca.txt) in CA Certificate #1 (PEM).
22. click on Save to install the certificate.

Please note that CloudFlare Origin Certificates are only valid for encryption between Cloudflare and our servers, they are not trusted in any browsers. In other words, this flow will work:

user → click → CloudFlare → Origin Certificate on JotUrl → CloudFlare → user

But this one will not work:

user → click → Origin Certificate on JotUrl → SSL error (HTTP 503)