My clients often ask me if there's a free SSL, and my answer is Cloudflare every time. It works great with its Flexible SSL option, but the problem with Flexible SSL is that communication between our server and Cloudflare isn't secure. So how do you make it secure? Use Let's Encrypt. Simple, huh?
It won't work. Why? Because Let's Encrypt verifies that the A records point to the server you are issuing the certificate on. So it seems you can use either Cloudflare or Let's Encrypt, but what about Cloudflare's caching and speed boosting? Luckily, you can use both.
1. Go to Cloudflare and open your domain's DNS settings.
2. Click the orange cloud icons next to the @ and www records to make them grey (this disables Cloudflare redirection and IP masking).
3. Go to your server and issue the certificate via Let's Encrypt.
4. Click the grey cloud icons next to the @ and www records to make them orange (this enables Cloudflare redirection and IP masking).
5. Go to the Crypto tab and switch to Full (strict) mode.
Now your site is faster and end-to-end secure.
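
A pre-flight check for the steps above, as an added example that is not part of the original post: `record_state` classifies a DNS lookup result as grey or orange cloud, and `origin_cert_expiry` validates the origin's certificate by connecting to it directly. The function names, the 203.0.113.10 origin address and example.com are assumptions; the Cloudflare ranges are a snapshot of its published IPv4 list.

```python
import ipaddress
import socket
import ssl

# Cloudflare's published IPv4 edge ranges (snapshot; the current list is at
# https://www.cloudflare.com/ips-v4 and can change).
CLOUDFLARE_V4 = [ipaddress.ip_network(n) for n in (
    "173.245.48.0/20", "103.21.244.0/22", "103.22.200.0/22", "103.31.4.0/22",
    "141.101.64.0/18", "108.162.192.0/18", "190.93.240.0/20", "188.114.96.0/20",
    "197.234.240.0/22", "198.41.128.0/17", "162.158.0.0/15", "104.16.0.0/13",
    "104.24.0.0/14", "172.64.0.0/13", "131.0.72.0/22")]


def record_state(resolved_ips, origin_ip):
    """Classify what an A-record lookup returned.

    'grey'   -> every answer is the origin itself (proxy off, ready to issue)
    'orange' -> every answer is a Cloudflare edge address (proxy on)
    'mixed'  -> anything else: stale cache, wrong origin IP, or another host
    """
    addrs = [ipaddress.ip_address(ip) for ip in resolved_ips]
    origin = ipaddress.ip_address(origin_ip)
    if addrs and all(a == origin for a in addrs):
        return "grey"
    if addrs and all(any(a in net for net in CLOUDFLARE_V4) for a in addrs):
        return "orange"
    return "mixed"


def origin_cert_expiry(origin_ip, hostname, port=443, timeout=5):
    """Connect straight to the origin, bypassing Cloudflare, and validate its
    certificate the way a strict client does: trusted chain, not expired,
    name matches. Raises ssl.SSLCertVerificationError when validation fails;
    returns the certificate's notAfter string when it passes."""
    ctx = ssl.create_default_context()  # verifies chain and hostname
    with socket.create_connection((origin_ip, port), timeout=timeout) as raw:
        with ctx.wrap_socket(raw, server_hostname=hostname) as tls:
            return tls.getpeercert()["notAfter"]


if __name__ == "__main__":
    # Constructed sample values: 203.0.113.10 is a documentation address
    # standing in for the origin server; example.com stands in for the domain.
    origin = "203.0.113.10"
    print(record_state(["203.0.113.10"], origin))              # after step 2
    print(record_state(["104.16.1.1", "172.64.2.2"], origin))  # after step 4
    # After step 3, run against the real origin:
    # print(origin_cert_expiry(origin, "example.com"))
```

The `notAfter` value is the date the origin certificate expires, so it also tells you when the certificate has to be reissued for Full (strict) mode to keep working.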
Hi, thank you for this post
In the Crypto options, there's an option to turn off the SSL. What if I just disable the SSL on Cloudflare and use my Let's Encrypt SSL, what is going to happen?
Let's Encrypt is a 100% legit, browser-trusted SSL certificate. If you want to use it, you must route any DNS entries off Cloudflare by clicking the cloud icons next to them. If you have disabled SSL from Cloudflare, you won't be able to get traffic to any Cloudflare-routed subdomain.