Hallo, I have a bucket set with a vm custom instance on compute engine in google cloud with a zone and a ssl letsencrypt (certbot auto) cert and nginx.conf files are set, I have to change something in google cloud and in my vm instance if I go to Cloudflare free plan (new ssl free + cdn) ?
I have to delete the DNS zone on cloud dns ?
The ssl certficate on Cloudflare is free, how work the renew ? It’s an auto renew ?
Thank you for your help !!!
so, if I have well understood, when the procedure with clodflare will be successful I can, later, delete the ssl certificates of certbot configured in the vm instance, correct ?
Not necessarily. You can only do so if you configure your Cloudflare SSL mode to “Flexible”, which means the connection between your server and Cloudflare will not be encrypted. That is not advisable however.
So you will still need a certificate on your end to encrypt that connection, that could be either Let’ Encrypt - which you seem to use right now - or you could also switch over to a Cloudflare Origin certificate. The latter you can have issued in your Cloudflare control panel too.
Hi Sandro, I take advantage of your kindness and your help, I have others questions :)))
Well I understood that I will have this scheme:
[DNS PROVIDER] -> [Cloudflare] -> [CLOUD DNS]
So, in my [DNS PROVIDER] I have to change The NS (nameservers) records, I have also to change the A record in my DNS PROVIDER ? Cloudflare provides a new IP address to point ?
so that my dns provider will point to the ip of Cloudflare and Cloudflare will point to the ip of the cloud dns
in [CLOUD DNS] Google Cloud I have the DNSSEC set and this is set also in my [DNS PROVIDER] I have to set this in OFF on [CLOUD DNS] and delete this set in my [DNS PROVIDER] ?
About the ssl certificate you wrote that I will be able to switch over to a Cloudflare origin certificate instead of using that of letsencrypt: can I do this procedure from the Cloudflare control panel ?
That depends on what that workflow should depict. If the first arrow is supposed to refer to you setting Cloudflare’s nameservers at your registrar (what you referred to as “DNS provider”) and the second arrow to you setting up the desired IP address (“Cloud DNS”), then yes, that would be correct.
An IP address for what? DNS or web? If you meant the latter, that is correct, however only if you proxy your DNS records ( instead of ). Otherwise it will simply point to your original address.
Once you change the nameservers away from Google, their DNSSEC settings become irrelevant.
Yes and no. You can have the Origin certificate issued in the control panel, but you will still need to configure it on your server.