Can we use free Cloudflare SSL certificates for domains not hosted on Cloudflare?

I would like to ask a use-case Cloudflare SSL question, please.

We are building a CMS tool and would like to know if we can use Cloudflare’s free SSL in the following three categories:

  1. The top level domains we own. We have SSL on these through Azure only, but not if hosted locally or elsewhere.
  2. Wildcard certs for any subdomains on the TLDs we own. We have SSL on these through Azure only.
  3. Certs for BYOD (bring your own domain) for our CMS customers who want to use their domain.

Thanks for any clarity you can offer.

The short answer is no. The more complete answer is explained in this article. Read on for something in between the short answer and the more complete answer.

Cloudflare provides free certificates on its edge network, often referred to as the Cloudflare proxy. In order for those certificates to be presented to your visitors, you need to be routing traffic to your servers, also known as origin sites, via the Cloudflare proxy. To maintain the security of the information as it transits between the Cloudflare proxy and your origin sites, you need to have a certificate in place on the origin sites.

This can also be a free certificate from Cloudflare, but unlike the ones employed on the Cloudflare edge, these certificates are issued by the Cloudflare Origin CA, which is not a publicly trusted certificate authority. They are only trusted by the Cloudflare proxy. This means that anyone visiting your origin sites directly will see an Unknown Issuer warning when you are using free origin certificates from Cloudflare.

If you want to use free, publicly trusted certificates, especially with sites that you will not be routing through the Cloudflare proxy, you should consider another method, such as the Let’s Encrypt certificate authority.

1 Like
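The trust difference described in the answer above, as an added example that is not part of the original thread: a certificate signed by a private CA validates for a party that holds that CA's root (the proxy's position) but not against the system's public trust store (a direct visitor's position). The CA built here is a constructed stand-in, not the real Cloudflare Origin CA, and the subject names and function names are assumptions.

```shell
#!/usr/bin/env bash
# Added illustration: why a certificate from a non-public CA triggers
# "Unknown Issuer" for direct visitors while still validating for a
# party that explicitly trusts the issuing CA.
set -eu
WORK=$(mktemp -d)
trap 'rm -rf "$WORK"' EXIT

# Build a throwaway private root and a leaf signed by it.
# Both are constructed for this demo (hypothetical names).
build_origin_cert() {
  openssl req -x509 -newkey rsa:2048 -nodes -days 1 \
    -subj "/O=Example Private Origin CA (constructed)" \
    -keyout "$WORK/ca.key" -out "$WORK/ca.pem" 2>/dev/null
  openssl req -newkey rsa:2048 -nodes \
    -subj "/CN=origin.example.test" \
    -keyout "$WORK/leaf.key" -out "$WORK/leaf.csr" 2>/dev/null
  openssl x509 -req -in "$WORK/leaf.csr" -days 1 \
    -CA "$WORK/ca.pem" -CAkey "$WORK/ca.key" -CAcreateserial \
    -out "$WORK/leaf.pem" 2>/dev/null
}

# Direct visitor's view: only the system's public trust store is used.
visitor_trusts() {
  openssl verify "$1" 2>/dev/null | grep -q ': OK$'
}

# Proxy's view: the private root is supplied as a trust anchor.
proxy_trusts() {
  openssl verify -CAfile "$2" "$1" 2>/dev/null | grep -q ': OK$'
}

build_origin_cert

if visitor_trusts "$WORK/leaf.pem"; then
  echo "direct visitor: certificate trusted"
else
  echo "direct visitor: unknown issuer (not in public trust store)"
fi

if proxy_trusts "$WORK/leaf.pem" "$WORK/ca.pem"; then
  echo "party holding the private root: certificate trusted"
else
  echo "party holding the private root: verification failed"
fi
```

To run the visitor-side check against a real origin, save the certificate it serves to a PEM file and pass that file to `visitor_trusts`.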
