Uploading the cloudflare .pem file to plesk gives an error :
Could not issue an SSL/TLS certificate for yourdomain.com
The private key is invalid. Please double-check and try again.
Cloudflare Full SSL
Adding the Cloudflare Origin Certificate to Plesk is used to provide encryption between Cloudflare and your origin server. Enabling this free SSL/TLS certificate will allow you to choose ‘Full (Strict)’ SSL.
Encrypts end-to-end, but requires a trusted CA or Cloudflare Origin CA certificate on the server
Generate CF Origin Certificates and Private Keys
Generating the keys required for Full (Strict) is available in the cloudflare dashboard. The free SSL/TLS certificates are only useful for use with cloudflare hosted sites and need to be installed into the plesk server. Follow these cloudflare instructions to generate the Origin SSL keys. Don’t navigate away from the screen with your private key. Copy and paste this into a .txt file and save it for future reference. You won’t be able to view the private key again from within cloudflare.
Install SSL to Plesk
This is where the problems can start. What should be a very simple process can throw up an error that doesn’t help much. Thankfully the solution is available and quick to implement. This solution will get the cloudflare SSL/TSL origin certificate and private key installed on your Plesk powered server.
When you choose to upload the .pem file supplied by cloudflare you get an error message ‘The private key is invalid. Please double-check and try again.’ Trying again doesn’t solve the problem. There is also no mention of how to upload the cloudflare generated private key.
The Solution is to not use the upload buttons presented to you in Plesk server to add a .PEM file to the site. Do not use the feature of SSL/TLS certificate:
‘Upload a certificate you already purchased
Where can I find the .pem file?’
Don’t upload the .pem file.
Alternately the method of just copy and pasting the two cloudflare keys will work.
Adding the Certificate and Private Keys
From withing your Plesk server domain:
Navigate to: Websites & Domains, Security SSL/TLS Certificates, Advanced Settings (button), Add SSL/TLS Certificate (button).
You will arrive at the advanced, yet simple to use SSL/TLS installation page that bypasses the need for .pem files.
Give the certificate a name (to help you identify it from a list later)
Paste the full private key into the empty box labelled ‘Private key (*.key) *’
—–BEGIN PRIVATE KEY—–
—–END PRIVATE KEY—–
Paste the full certificate into the empty box labelled ‘Certificate (*.crt) *’
Don’t put anything in the empty box labelled ‘CA certificate (*-ca.crt)’, just leave it blank as this is not required.
Click the button ‘Upload Certificate’ and then follow the link to make this certificate active referencing the name you chose to identify it with earlier.
Cloudflare Full Strict Enable
With the .pem file installed to Plesk and selected as enabled you can now set the cloudflare setting to strict SSL (full) that will utilise the Origin SSL/TLS certificate you have just successfully installed and activated.