Can we know what certificate Cloudflare sees at origin?

Let’s say that I am using SSL mode “Full” at the moment and SSL Certificate at origin is expired or not trusted, at this point the website appears to users as ‘secured’ because Cloudflare provides universal SSL and doesn’t care if cert at origin is valid or not.

Then I change origin certificate to be a trusted one, say from Let’s Encrypt. Is there a way to know what certificate does Cloudflare see at origin? So I can be sure that switching SSL mode to “Full (strict)” will definitely work and won’t show certificate error page in case the origin certificate isn’t trusted for some reasons.


Sadly, no. There’s no way to get a peek behind the scenes to know if it’s Flexible or Full (Strict). You’d have to manually test on your own:

To display the origin certificate (assuming one is installed), replace below with the actual IP address of your origin web server and replace with your domain and host name:

curl -svo /dev/null --connect-to :: 2>&1 | egrep -v "^{.*$|^}.*$|^* http.*$"


Thanks. This is exactly what I am looking for.

1 Like

There’s a related feature request

1 Like