This tutorial is deprecated in favour of Get started with SSL/TLS · Cloudflare SSL/TLS docs
SSL/TLS Configuration Video:
This tutorial covers basic settings in the SSL/TLS app of the Cloudflare Dashboard, including SSL Mode [Off/Flexible/Full/Full (Strict)], Cloudflare Origin Certificates, ‘Always Use HTTPS’ and ‘Automatic HTTPS Rewrites’.
The connection between your visitor and Cloudflare and Cloudflare and your server do not use SSL and are not secure. Visitors can only view your site over HTTP.
The connection between your visitor and Cloudflare is secured, but the connection between Cloudflare and your server is not. You will not need a certificate on your server for this mode.
This option is generally NOT RECOMMENDED, particularly not if you have any visitor specific data processed through your site (e.g. user sessions, logins, etc.). You can read more about https://community.cloudflare.com/t/why-flexible-ssl-mode-is-not-the-best-choice/63531.
The connection is secured between your visitor and Cloudflare and Cloudflare and your server. Your server will need to be configured to accept HTTPS connections and have a certificate (It does not need to be valid and is not verified)
The connection is secured between your visitor and Cloudflare and Cloudflare and your server. Your server will need to have a VALID certificate from a trusted authority installed to use this mode.
For both Full and Full (Strict), you can use a Cloudflare origin certificate – covered next.
This setting shows the certificate you have on the Cloudflare edge, this is likely to be a Universal or a Dedicated certificate. You can find out more information about Universal Certificates here, and more about Dedicated Certificates here.
A Cloudflare origin certificate can be installed on your server so you can use Full or Full (Strict) SSL Modes.
If you click ‘Create Certificate’, use the default options unless you wish to change them, and click ‘Next’, a certificate will be generated.
How you install this certificate will depend on your server / host. When you go through this process, Cloudflare will give you a list of support guides for different servers. If you have any problems installing it, you should contact your web host for guidance.
Always use HTTPS
This setting will redirect visitors from the HTTP version of your site to the secure HTTPS version. This means that all visitors connections will be secured.
Automatic HTTPS Rewrites
Tutorial Reference: CT-08
Other great resources on this community include the Community Tips . These address best practices when configuring Cloudflare, how to fix issues you may see, and tools to troubleshoot. Also you can view Expert Tips, great posts on the community from people in the know that may help you with your issue.
We encourage users to check out these great resources and the Cloudflare Support Centre before posting