Configuration for SSL between a domain with it's own origin cert and another without

user9351 · September 12, 2019, 2:57pm

Hi,

We have two websites with the same domain but different URLs i.e. one as www.domain and the other as admin.domain. The admin site has it’s own SSL certificate at origin and the other will only require a certificate on the Cloudflare side. Also, the admin domain uses Realex and they’ve recently notified us that they now support SNI.

Are there any configuration instructions on how to move these sites to Cloudflare? Or would there be any configuration clashes with the sites on the same domain but not both using SSL at origin.

Thanks

MarkMeyer · September 12, 2019, 7:15pm

You should install a cert on that host too. It can be a self-signed or a Let’s Enrcypt certificate.

There is a way to do this without a certificate on your origin. Not recommended

Set the SSL mode to
-Full (Strict) If your admin cert is valid
-Full if it’s self signed or expired

Create a Page Rule for your URL which has no certificate and set SSL -> Flexible.

Why the community does not recommend flexible in a few words: Traffic between Cloudflare and your server will remain unencrypted.

The full story:

user9351 · September 13, 2019, 3:00pm

Thanks Mark.

We actually have 3 sub domains on that domain so we are going to look into getting a certificate for the 2 sites that don’t currently have any SSL certs. I might have a couple more queries when we are configuring this next week as we may need to configure SNI for Realex too.