Cloudflare + S3 + Full SSL

Hi, I have a single domain that points to an AWS Lightsail Load Balancer with 2 instances behind it running WordPress. I also have a number of assets centralised on S3. On the load balancer I have an AWS-created SSL cert and I have SSL enabled on the instances. I can apply Full SSL on Cloudflare and this works fine. However, I’ve just gotten around to the S3 part. I have the CNAME of a subdomain set up on Cloudflare and pointing to the bucket. The issue is that the S3 bucket doesn’t have an SSL certificate, which means Full SSL doesn’t work, and it appears the SSL settings are global for the domain, so I can’t have the website on Full SSL because the images won’t load, as they need to be on Flexible SSL with this configuration. Does anyone know a solution for this please? Is there a way to override the global SSL settings or something else?



What is the issue with configuring a certificate?

Hi Sandro, from what I know, S3 doesn’t support SSL certificates; you have to use CloudFront for this. However, this defeats the purpose of Cloudflare as the CDN.

Do you know any workarounds, or correct me if I’m wrong please?



I am not overly familiar with Amazon but I would find it difficult to believe that they are not supporting SSL. I am sure there is a way to get a valid certificate up there. I would do some online research.

Thanks Sandro, I have done research and this is the issue I’m facing 🙂

Looking for a workaround on this; unfortunately it doesn’t seem I can address config at a subdomain level.



What about

Actually this seems to address your very issue

Apparently you cannot configure a custom certificate, but you can use the default one. If you set that up as a CNAME it should even work with Full Strict, but less-secure Full should definitely work too.

Hi Sandro, thanks for finding that. I found that you can overwrite global rules using a page rule on the subdomain, so I will use that. Thanks again for your help, much appreciated.


I cannot advise any more strongly against that. You want a secure connection, right? Then you have to use Full.

As I already said, even “Full Strict” should work in your case.
