Disabled Universal SSL and SSL from origin server

Hi, I found several pages online which give a step-by-step setup for disabled Universal SSL and SSL from the origin server.
The latest one is from May 2021. I cannot add the link, but here is a brief description of the setup they and many others promote:

SSL Mode in Cloudflare Account
SSL mode: Full SSL
Always use HTTPS. Set it ON.
SSL Settings in Cloudflare
enable HSTS

  • Max-age: 3 months
  • Apply HSTS policy to subdomains: Off
  • Preload: Off

Other settings

  • Set Minimum TLS Version to TLS 1.2

  • Set Opportunistic Encryption to ON

  • Set TLS 1.3 to Enabled

  • Set Automatic HTTPS Rewrites to ON

  • Disable Universal SSL. Since you’re not using the Cloudflare Universal SSL anymore and instead utilizing the SSLs stored on your server, click on “I Understand” and then confirm.

That’s the right way to use Let’s Encrypt with Cloudflare. The setting changes will prevent any downtime as much as possible. After implementation, the data will be transferred using HTTPS via Let’s Encrypt.

Based on the steps, it seems that some of the Cloudflare menus have now changed.
Is that setup applicable in June 2023 and is it supposed to work with Proxy Status enabled?

Sorry, but these guides are all rubbish.

  1. You must not disable Universal SSL, otherwise you have no proxy certificate
  2. You must not use a legacy encryption mode (such as Full), otherwise you have no encryption either

Make sure you are using Full Strict and Universal SSL is enabled.

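An added example, not part of the original posts and not Cloudflare's own code: an offline audit that checks a zone for the two conditions named in the reply above. The sample data is constructed, its JSON shapes are modelled on the Cloudflare API v4 zone settings and Universal SSL settings responses, and `audit_zone` is a hypothetical helper name.

```python
import json

# Constructed sample: the zone state that the guide quoted in the question
# would produce. Shapes modelled (assumption) on the API v4 responses for
#   GET /zones/{zone_id}/settings
#   GET /zones/{zone_id}/ssl/universal/settings
GUIDE_SETTINGS = json.loads("""
{"result": [
  {"id": "ssl", "value": "full"},
  {"id": "always_use_https", "value": "on"},
  {"id": "min_tls_version", "value": "1.2"},
  {"id": "tls_1_3", "value": "on"}
]}
""")
GUIDE_UNIVERSAL = {"result": {"enabled": False}}

# Constructed sample: the state the reply recommends.
FIXED_SETTINGS = {"result": [{"id": "ssl", "value": "strict"}]}
FIXED_UNIVERSAL = {"result": {"enabled": True}}


def audit_zone(settings, universal, proxied=True):
    """Return a list of findings; an empty list means both checks pass."""
    values = {s["id"]: s["value"] for s in settings.get("result", [])}
    findings = []

    # Check 1: encryption mode. The API value for "Full (strict)" is "strict".
    mode = values.get("ssl")
    if mode is None:
        findings.append("ssl: mode missing from response, cannot verify")
    elif mode != "strict":
        findings.append(f"ssl: mode is '{mode}', expected 'strict'")

    # Check 2: Universal SSL must stay enabled while Proxy Status is on.
    enabled = (universal.get("result") or {}).get("enabled")
    if proxied and enabled is not True:
        findings.append("universal_ssl: disabled while the record is proxied")

    return findings


if __name__ == "__main__":
    for name, s, u in [("guide", GUIDE_SETTINGS, GUIDE_UNIVERSAL),
                       ("fixed", FIXED_SETTINGS, FIXED_UNIVERSAL)]:
        print(name, audit_zone(s, u) or "OK")
```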

Thank you @sandro

Pleasure, and apologies for the strong wording, but with these guides it’s really too often just storytime 🙂
