Dedicated SSL Considerations and Setup

Hi all,

My hosting provider recommends to use their free SSL cert and just have Cloudflare pass thru. From what I understand Cloudflare needs to have SSL on their severs, not just my origin to work.

Which led me to think about the dedicated SSL. What are the advantages and would I still set up the free SSL on my host with auto ssl for the Cloudflare to Origin server communcation? If so, how would I do this? Their directions seem to conflict with the Cloudflare articles I have read.

I am on a shared host so they said http/2 won’t work. Is that accurate?



“Just pass through”? What exactly did they recommend? If you “pass through” respectively tunnel/proxy your traffic it is more than “just” as that would be the full-fledged security product Cloudflare offers. “Just” would be if you only used Cloudflare’s DNS and pointed your hostname straight to your IP address, in which case you’d need a certificate only on your origin.

What is your use-case? What would you like to achieve and/or protect against?

Depending on what you want to use you wouldnt need a dedicated certificate as the free universal certificate, issued for every account, is more than sufficient in most cases.

No, the HTTP version should be irrelevant as far as the hosting type is concerned.

Thanks for the reply. I don’t have anything that requires protection, but for SEO they recommend SSL. I want to have the best performance as SSL negotiation can slow down load time.

SSL is indirectly useful SEO, but the focus is definitely on security.

Considering you mentioned a certificate on your origin I presume you already do have a certificate on your server. Is that right? In that case you wouldnt necessarily have to use Cloudflare.

Cloudflare’s primary purpose is to shield your server and protect it from potential attacks. Additionally it can speed up your site. Is any of that of your interest?

1 Like

I have not installed the SSL yet on my server. If I install it, would I just set the Clouflare SSL to “off”?

Thank you,


You will have to configure a certificate on your server in any case, as the connection wouldnt be secure otherwise.

1 Like

This topic was automatically closed after 30 days. New replies are no longer allowed.