AT&T nameservers and SSL

The registrar for my domain, AETRobotics.com, is AT&T (via Tucows), which also hosts the website. ATT provides a free SSL certificate. However, after adding the domain to my CloudFlare account, the SSL certificate is no longer ‘active’ and the site now shows as http, not https.

ATT support states that “In order for the SSL to properly install, the www and blank A records need to point to our default IP address”. They also state that “Our admins advise the IPs must point to us for the SSL to install. I would inquire with cloudflare if the SSL may be installed through them as they hold the IPs currently.” CloudFlare DNS shows the A record and WWW pointing to the ATT default IP address. ATT states that “Your website records are pointing to Organization: Cloudflare, Inc. (CLOUD14)”.

My CloudFlare SSL settings show “Your SSL/TLS encryption mode is Full.” I enabled the setting “Always use HTTPS” in Edge Certificates of SSL, but this caused the site to go down.

Sorry about providing all of this information, but I am totally confused and not sure what to do next. I obviously need the site to be secure and have an active SSL certificate. If I buy one through CloudFlare, will this solve the problem?

The certificate reference Cloudflare mentions only refers to the certificate on their proxy servers and not your own server.

Your own server needs its own certificate, and there shouldn't be any issue when you add your domain to Cloudflare. If your host disables the certificate, it is an issue, but that's something only your host can clarify. If they refuse to activate and renew your certificate if you point your domain to Cloudflare, you could only either not use Cloudflare or - preferably - switch to another host which does not have such requirements.

You can't buy a certificate from Cloudflare; the only certificates they sell are proxy certificates, which you can't install on your server. However, you can have an origin certificate issued by them for free, which you could then configure on your server, assuming your host does allow you to do so.

Sandro, thank you for the information. ATT is very difficult to work with. So, adding a certificate would not be something I can do. I will disable CloudFlare and try another solution. What is the best way to disable CloudFlare without my site going down?

So they do not allow for a custom certificate?

Simply switch your domain’s nameservers back to the original values and that should be it.

Thank you so much for all your help.