After an entire day spent tackling Roots (each day I hit roadblocks, but with the help of the community each day I’ve gotten a little further), and after a lot of guidance from “fullyint”, I was able to successfully deploy to DigitalOcean. I logged into DO and I see all the files there, and the nginx server blocks all look right and everything, which is great.
But when I go to the website, which is https only, in both Safari and Chrome it says it can’t verify the identity of the website, that the certificate expires in 2025, and “This root certificate is not trusted.” If I trust it manually, the site works.
I, like most devs I assume, use CloudFlare for DNS, which automatically provides SSL and has worked smoothly and automatically for all sites I’ve used before, but this is the first site using CloudFlare SSL with a Roots deployment. I use the default “Flexible SSL” option, which doesn’t require a certificate on the server, but I’m wondering if the Roots setup requires SSL on the server and to then change the CloudFlare SSL setting to Full SSL or Full Strict SSL.
I’ll investigate, but thought I’d check to see if anyone has any experience with CloudFlare and Roots and the recommended SSL setup, assuming the normal flexible option doesn’t work out of the box. Thanks!
Update - changing from flexible to full in CloudFlare causes the site to load in Safari without a problem. Curious how that would work, since it requires a certificate on the server and I haven’t added one, unless that automatically happens during Trellis deployment? In Chrome it now loads, but https is in red and says:
Your connection to dadduo.com is encrypted using a modern cipher suite. Further, this page includes other resources which are not secure. These resources can be viewed by others while in transit, and can be modified by an attacker to change the behavior of the page.
The connection uses TLS 1.2.
The connection is encrypted and authenticated using AES_128_GCM and uses ECDHE_ECDSA as the key exchange mechanism.