This tutorial is deprecated in favour of Get started with SSL/TLS · Cloudflare SSL/TLS docs
Archive
SSL/TLS Configuration Video:
This tutorial covers basic settings in the SSL/TLS app of the Cloudflare Dashboard, including SSL Mode [Off/Flexible/Full/Full (Strict)], Cloudflare Origin Certificates, ‘Always Use HTTPS’ and ‘Automatic HTTPS Rewrites’.
The settings covered here can all be found by visiting Cloudflare.com, logging in, selecting the domain and choosing the SSL/TLS app.
SSL Modes
Off
The connection between your visitor and Cloudflare and Cloudflare and your server do not use SSL and are not secure. Visitors can only view your site over HTTP.
Flexible
The connection between your visitor and Cloudflare is secured, but the connection between Cloudflare and your server is not. You will not need a certificate on your server for this mode.
This option is generally NOT RECOMMENDED, particularly not if you have any visitor specific data processed through your site (e.g. user sessions, logins, etc.). You can read more about https://community.cloudflare.com/t/why-flexible-ssl-mode-is-not-the-best-choice/63531.
Full
The connection is secured between your visitor and Cloudflare and Cloudflare and your server. Your server will need to be configured to accept HTTPS connections and have a certificate (It does not need to be valid and is not verified)
Full (Strict)
The connection is secured between your visitor and Cloudflare and Cloudflare and your server. Your server will need to have a VALID certificate from a trusted authority installed to use this mode.
For both Full and Full (Strict), you can use a Cloudflare origin certificate – covered next.
This setting shows the certificate you have on the Cloudflare edge, this is likely to be a Universal or a Dedicated certificate. You can find out more information about Universal Certificates here, and more about Dedicated Certificates here.
A Cloudflare origin certificate can be installed on your server so you can use Full or Full (Strict) SSL Modes.
If you click ‘Create Certificate’, use the default options unless you wish to change them, and click ‘Next’, a certificate will be generated.
How you install this certificate will depend on your server / host. When you go through this process, Cloudflare will give you a list of support guides for different servers. If you have any problems installing it, you should contact your web host for guidance.
Always use HTTPS
This setting will redirect visitors from the HTTP version of your site to the secure HTTPS version. This means that all visitors connections will be secured.
Automatic HTTPS Rewrites
This setting can help fixed mixed content issues. Although it may not be able to fix all these issues, I recommend turning it on if you experience mixed content issues.
Video - Introduction to SSL and Cloudflare’s Options
Credit to @albert for the fantastic explanation here.
https://www.youtube.com/watch?v=2PT3ZW3xglQ
Tutorial Reference: CT-08
Reviewed: 07/21
This is a Community Tutorial, most are wiki posts, so can be contributed to by Regulars and MVPs here. If there is a tutorial you would like to see, you can request one here.
If you would like to provide any feedback on this tutorial, please post in the #Meta category, tag your post #TutorialFeedback and let us know the Tutorial Reference above.
Other great resources on this community include the Community Tips . These address best practices when configuring Cloudflare, how to fix issues you may see, and tools to troubleshoot. Also you can view Expert Tips, great posts on the community from people in the know that may help you with your issue.
We encourage users to check out these great resources and the Cloudflare Support Centre before posting