Cloudflare's SSL/TLS vs LetsEncrypt


I am using free plan. For my domain, I am using FULL SSL option for ssl settings.
I have 3 doubts now -

  1. Is this “full ssl” end-to-end encrypted?
  2. I was previously using LetsEncrypyt’s certificate settings in my nginx configuration settings. So do I have to comment those ssl settings in nginx’s configuration and totally rely on cloudflare’s ssl/tls features?
  3. What about auto-renewing? Is it available in free plan?

It never is end-to-end as Cloudflare always decrypts the data on their proxies. However “Full” makes sure the connection to the origin is still encrypted, albeit does not validate the certificate which still makes it vulnerable to MITM attacks. “Full strict” should be the choice and is as secure as it gets on Cloudflare.

No, you still need these (or equivalent) certificates on your server, in order to have a secure second leg connection.

Renewing your server certificate is still up to you. Cloudflare only handles the proxy certificates.

1 Like

Thanks a lot.

This topic was automatically closed after 30 days. New replies are no longer allowed.