[Bitnami WordPress] How to Install Cloudflare Origin CA Certificate for Bitnami WordPress instance on AWS EC2 Linux webserver

[timelinetoparadise]

Describe your issue as much as you can

Hello team!

I would love to find a tutorial on How to Install a Cloudflare Origin CA Certificate on a Bitnami WordPress instance running on an Amazon AWS EC2 Linux web server.

First, I set up my custom domain name with a third party, and redirected to Cloudflare's nameservers.
Then I set up an account with Amazon AWS, and added AMIs from the Amazon Marketplace, as EC2 instances

• Amazon Linux
• Bitnami WordPress
  I set up Cloudflare to provide Full SSL/TLS encryption for the domain name, and used an Elastic IP address on the Bitnami WordPress EC2 instance to create a static IP address for the domain name.
  Then I created a Cloudflare Origin CA Certificate

I'm stuck on how to get this certificate set up properly on the Bitnami WordPress EC2 instance. Which I believe is the Origin Server. Imported pem and key certificate files to AWS Certificate Manager, but came up with an error when changing Cloudflare SSL/TLS from "Full" to "Strict"

There are many instructions which I am starting to find confusing:

• bncert, Let's Encrypt, Cloudfront, load balancer, nano, puTTY, FileZilla, DigiCert, Security Groups, Amazon API Gateway, AWS Certificate Manager.
• I have set up access to my Bitnami WordPress via PuTTY SSH and SSH Tunneling, and also via FileZilla SFTP.
• I have used vi many years ago, but not nano.
• About to look at a YouTube video called "Enable and setup Cloudflare Origin CA certificate on Apache server "

Hope someone can help clarify the most simple and direct route to take. Happy to provide more details.

Thanks in advance.
Anna
(Beginner website builder - attempting to create a free secure website to run a small ecommerce shop)

[gongomgra]

Hi @timelinetoparadise,

Thanks for using Bitnami. If you enable the strict mode in Cloudflare, every connection between your server and CloudFlare's is performed using HTTPS. You will have to secure the webserver with a valid SSL certificate (either from Let's Encrypt or with a custom certificate). Because your server is behind CloudFlare, I don't think the Let's Encrypt HTTP verification will work when generating the certificate, and you will have to use a different validation method like DNS.

We recommend you to check the official Let's Encrypt forums for further help on this custom scenario

https://community.letsencrypt.org/

Hope it helps!

[github-actions]

This Issue has been automatically marked as "stale" because it has not had recent activity (for 15 days). It will be closed if no further activity occurs. Thanks for the feedback.

[github-actions]

Due to the lack of activity in the last 5 days since it was marked as "stale", we proceed to close this Issue. Do not hesitate to reopen it later if necessary.