r/CloudFlare: Hestia CPannel not installing the CF's origin SSl

💡

This article archives a conversation, which took place in a subreddit post (original source linked below) and to which I contributed a solution or answer (with the u/MasterofSynapse handle), in a Q&A format.

Original Reddit post: https://www.reddit.com/r/CloudFlare/comments/105pnau/hestia_cpannel_not_installing_the_cfs_origin_ssl/

Question

I am trying to install CF's origin ssl certificate on Hestia Cpannle and websites that i hosted on Hestia. But it is still showing Let's encrypt ssl. I even created a directory and put the certificate files on it. Updated the path in Nginx and v-update-host-certificate. Rebooted and cleared cache, but it is still showing let's encrypt ssl.

Answer

When you proxy anything through Cloudflare, the first certificate in the chain will be shown to you, so the edge certificate that CF deploys be default to any DNS zone. One of the CAs that CF uses for this edge cert is Lets Encrypt, that is why you see a cert from them.

The origin SSL cert is only useful if you use e.g. Cloudflare Tunnel and want to have HTTPS within that tunnel but don't have a trusted certificate to achieve this.

The origin SSL cert, as the name already implies, is for communication between CF and the origin server, so you will never see it, when you use the CF proxy.