Troubleshooting SSL Issues with CapRover and CloudFlare Integration

TLDR;

Tip for users trying to deploy with CloudFlare: it took me a loooong time of trial and error to find out that you have to disable “Always Use HTTPS” under SSL/TLS > “Edge Certificates” in CloudFlare to be able to enable SSL on a CapRover app.

Introduction

Deploying applications using CapRover can greatly simplify the management of your NodeJS, Python, PHP, ASP.NET, Ruby, MySQL, MongoDB, Postgres, WordPress, and other applications. However, when integrating CapRover with CloudFlare for SSL/TLS certificates, you may encounter some issues that can prevent your apps from being accessible. In this blog, we will discuss a common problem and its solution when enabling SSL on CapRover apps with CloudFlare.

Problem

After migrating my Express projects to CapRover and configuring the necessary files and (GitHub) actions, you might find that your app is not accessible. Instead, you encounter a “Nothing here yet :/” screen. If you try the “Enable SSL” button, you’ll see the error “1107: Verification Failed.” as seen in the image below.

Upon investigating, I discovered that the non-SSL version of my app responded with an “HTTP/1.1 301 Moved Permanently” status.
I did this using this cURL command:

curl -I http://[project-url]

Note the ‘http’, as you’ll try the non-SSL version of your app.

The 301 response was strange, because CapRover’s “Force HTTPS by redirecting all HTTP traffic to HTTPS” option was not turned on, so the redirect could not be coming from CapRover itself.

Furthermore, I noticed that the “Server” header of the response displayed “cloudflare”. This revelation leads me to believe that the issue lies within CloudFlare.
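The check described above can be scripted. This is an added example, not code from the original post: it reads the response headers of the plain-HTTP request and reports whether an HTTPS redirect was answered by CloudFlare's edge or by something else. The function names `classify_http_response` and `check_host`, the host `app.example.com` and the sample headers are assumptions constructed for illustration.

```shell
#!/usr/bin/env bash
# Classify a plain-HTTP response from its headers (stdin), e.g. the output
# of `curl -sI http://host`. Prints one of:
#   edge-redirect   - redirect to https:// answered with "Server: cloudflare"
#   origin-redirect - redirect to https:// answered by another server
#   no-redirect     - anything else
classify_http_response() {
  awk '
    { sub(/\r$/, "") }                      # curl prints CRLF line endings
    NR == 1 { status = $2; next }           # e.g. "HTTP/1.1 301 Moved Permanently"
    {
      name = tolower($0); sub(/:.*/, "", name)
      value = $0; sub(/^[^:]*:[ \t]*/, "", value)
      if (name == "server")   server = tolower(value)
      if (name == "location") location = tolower(value)
    }
    END {
      redirect = (status ~ /^30[1278]$/ && location ~ /^https:\/\//)
      if (redirect && server == "cloudflare") print "edge-redirect"
      else if (redirect)                      print "origin-redirect"
      else                                    print "no-redirect"
    }'
}

# Live check against a real host (needs network): check_host app.example.com
check_host() {
  curl -sI --max-time 10 "http://$1" | classify_http_response
}

# Constructed sample: the response described in the post (301 from CloudFlare).
printf 'HTTP/1.1 301 Moved Permanently\r\nLocation: https://app.example.com/\r\nServer: cloudflare\r\n\r\n' \
  | classify_http_response

# Constructed sample: the same redirect issued by the server behind CloudFlare.
printf 'HTTP/1.1 301 Moved Permanently\r\nLocation: https://app.example.com/\r\nServer: nginx\r\n\r\n' \
  | classify_http_response
```

An `edge-redirect` result means the redirect is produced by CloudFlare before the request reaches CapRover, which matches the situation in this post.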

Solution

To resolve the SSL issue with CapRover and CloudFlare, follow these steps:

Step 1: Access CloudFlare Dashboard
Log in to your CloudFlare account and navigate to your website’s dashboard.

Step 2: Go to SSL/TLS Settings
In the CloudFlare dashboard, find the SSL/TLS option and click on it.

Step 3: Disable “Always Use HTTPS”
Under the “Edge Certificates” section, locate the “Always Use HTTPS” option and disable it.

Step 4: Save Changes
After making these changes, save the settings and confirm any prompts that may appear.

Once you have turned off the above setting in the CloudFlare dashboard, you’ll be able to click “Enable SSL” in your CapRover instance immediately.

Explanation

The reason for these issues is that CapRover encounters a verification failure (error code 1107) when trying to enable SSL. By default, CloudFlare forces HTTPS on websites. This interferes with the verification process conducted by CapRover, or Let’s Encrypt specifically. Disabling this setting helps prevent conflicts and resolves the verification failure.

Conclusion

Configuring SSL on CapRover apps using CloudFlare integration can sometimes involve troubleshooting unexpected issues. When encountering the “1107: Verification Failed” error, it is crucial to look into CloudFlare settings and disable “Always Use HTTPS” to resolve the problem.

By following the steps outlined above, you can overcome the SSL verification failure and enable SSL successfully for your CapRover applications. Remember, documenting your debugging process and sharing your solutions with the developer community helps others facing similar challenges. Happy coding!

Sebastiaan

