Hello teachers, I am a newbie and I have a question for you!
That is, in the case of not turning on the small cloud (proxy), how can I use Cloudflare’s certificate? Because my origin site is a virtual host, and the hosting provider does not include the function of SSL deployment. So I can only use Cloudflare’s certificate. That is to say, from the origin site to Cloudflare is HTTP, and then from Cloudflare to the customer is HTTPS. The certificate is automatically applied for by Cloudflare! Now there is a problem. To use this certificate, I must turn on the proxy. My question is whether I can still use Cloudflare’s certificate without turning on the proxy. Or, is there any setting that can make Cloudflare directly return to my origin site!
Was the site working with SSL prior to adding it to Cloudflare?
If you’ve generated a Cloudflare Origin CA certificate via the Cloudflare dashboard for your domain which covers www.domain.com, domain.com and some other hostname, since it’s a self-signed certificate, when you install it on your Web server and origin host and then type the URL into the address bar of your Web browser, the browser will ask you whether you’d like to trust it or not.
This is normal behaviour for all self-signed SSL certificates.
You can continue to use it; however, your Website visitors will not be happy with it.
Furthermore, with the generated Cloudflare Origin CA certificate installed at your server and the DNS records such as domain.com, www.domain.com, etc. proxied, you’re good to go with the Full (Strict) setting for SSL under the SSL/TLS tab of the Cloudflare dashboard for your domain, since this certificate is okay for the connection between Cloudflare and the server.
Once proxied, Cloudflare’s Universal SSL certificate will be issued, and from that point your Website visitors won’t get the error showing “certificate not trusted” while visiting your Website.
I don’t see a problem here.
If you can configure your Web server to use a generated Cloudflare Origin CA certificate, then it’s the easiest setup which could exist.
Otherwise, generate a valid SSL certificate using Acme.sh, Certbot, cPanel AutoSSL, etc. while your DNS records are unproxied (DNS-only). Upon success, and after you determine your Website is working fine over HTTPS, switch the proxy back on and make sure SSL is set to Full (Strict) under the SSL/TLS tab of the Cloudflare dashboard for your domain.
The above does help and fix “the problem” when your origin is HTTP only, for some reason; however, it is not a recommended way due to possible known issues such as too many redirects and more.
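
The "determine your Website is working fine over HTTPS" step in the reply above can be checked from a shell before the proxy is switched back on. This is an added example, not part of the original posts: the function names and usage line are hypothetical, and it checks only hostname coverage and expiry of the origin certificate, two properties that Full (Strict) depends on.

```shell
#!/usr/bin/env bash
# Added example: pre-flight checks on an origin certificate before
# switching the DNS record back to proxied with Full (Strict).
# All function names here are hypothetical helpers.

# fetch_origin_cert ORIGIN_IP HOST OUTFILE
# Saves the leaf certificate the origin presents for HOST (uses SNI).
fetch_origin_cert() {
    openssl s_client -connect "$1:443" -servername "$2" </dev/null 2>/dev/null |
        openssl x509 -outform PEM > "$3"
}

# cert_covers_host PEM HOST -> 0 if a SAN or CN in the certificate matches HOST
cert_covers_host() {
    openssl x509 -in "$1" -noout -checkhost "$2" 2>/dev/null |
        grep -q 'does match certificate'
}

# cert_valid_for PEM SECONDS -> 0 if the certificate is still valid SECONDS from now
cert_valid_for() {
    openssl x509 -in "$1" -noout -checkend "$2" >/dev/null 2>&1
}

# preflight PEM HOST [MIN_SECONDS] -> 0 only if both checks pass.
# Also prints issuer and expiry so the operator can see who signed the
# certificate (a public CA, Cloudflare Origin CA, or the host itself).
preflight() {
    local pem=$1 host=$2 min=${3:-604800} rc=0   # default margin: 7 days
    cert_covers_host "$pem" "$host" || { echo "FAIL: no SAN/CN matches $host"; rc=1; }
    cert_valid_for "$pem" "$min"    || { echo "FAIL: expired or expiring within ${min}s"; rc=1; }
    openssl x509 -in "$pem" -noout -issuer -enddate
    return $rc
}

# Usage: ./preflight.sh ORIGIN_IP HOSTNAME
# Connects to the origin IP directly, so the result is the same whether
# the DNS record is currently DNS-only or proxied.
if [ "$#" -eq 2 ]; then
    pem=$(mktemp)
    fetch_origin_cert "$1" "$2" "$pem" && preflight "$pem" "$2"
fi
```

Run it once for each proxied hostname (for example both the apex and `www`), since a certificate that covers only one of them fails for the other.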