Disabling Universal SSL seems to prevent TLS Handshakes with the server

I recently switched to Cloudflare to take advantage of their registrar service. I am a former Google Domains customer, and when I was switched over to Squarespace, I immediately balked at the markup of domains, which sometimes exceeded 50% of what I was paying at Google Domains. As a result of switching to Cloudflare registrar, I am required to use Cloudflare as my DNS provider. Needless to say, I already have SSL infrastructure set up on the web server. I use Let’s Encrypt as my CA and Certbot to obtain and renew the certificates. When I switched to Cloudflare, I started getting SSL certificate errors on clients. As a result, I disabled Cloudflare’s universal SSL, but that wasn’t enough. At the moment, the only thing that works is disabling Cloudflare on the site. How can I enable Cloudflare on my site and still use my server to manage and serve SSL certificates?

You can’t when using the proxy, unless you have a Business or Enterprise plan and then only to upload your own certificate to the edge. This is fundamental to the way a reverse proxy works…

You need to enable Universal SSL, and set your SSL/TLS mode to “Full (strict)”. Then your site visitors will have their connection secured to Cloudflare with the Universal SSL certificate, and the connection from Cloudflare to your server is secured using your own SSL certificate.

If you want to use your own SSL certificate from your server, you will need to set your DNS record to “DNS only” instead of proxied, but then requests will go direct to your server and no Cloudflare features can be applied to your site traffic.

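The answer above describes two separate TLS hops: visitor to edge (Universal SSL certificate) and edge to origin (your own Let's Encrypt certificate), with the SSL/TLS mode deciding how strictly the second hop is checked. The following script is an added example, not code from the thread or from Cloudflare: it models the three modes as client-side `ssl` contexts so the weakness of "Full" versus "Full (strict)" is visible, and it compares the leaf certificate a client sees at the proxied hostname with the one the origin serves directly, so you can confirm which certificate your visitors actually receive. The hostnames, the origin IP and the sample certificate bytes are placeholders or constructed values.

```python
"""Added example (not from the thread): model Cloudflare's SSL/TLS modes as
TLS client policies and compare the certificate seen at the edge with the one
served by the origin.  Hostnames, the origin IP and sample bytes are
placeholders / constructed values.
"""
import hashlib
import socket
import ssl
from typing import Optional

# Approximation (an assumption, not Cloudflare's code) of what each mode means
# for the edge -> origin hop, expressed as a client verification policy.
MODES = {
    "flexible": None,         # plain HTTP to the origin; no TLS on that hop
    "full": "no_verify",      # TLS to the origin, certificate not validated
    "full_strict": "verify",  # TLS to the origin, chain and hostname validated
}


def make_context(mode: str) -> Optional[ssl.SSLContext]:
    """Return an SSLContext whose verification policy mirrors the given mode,
    or None for "flexible" (no TLS at all on the origin hop)."""
    policy = MODES[mode]
    if policy is None:
        return None
    ctx = ssl.create_default_context()  # CERT_REQUIRED + hostname check
    if policy == "no_verify":
        # "Full" accepts any certificate, even self-signed or expired, which is
        # why an on-path party between edge and origin could stand in for the
        # origin.  Shown only to make the weaker mode explicit.
        ctx.check_hostname = False
        ctx.verify_mode = ssl.CERT_NONE
    return ctx


def verifies_origin(mode: str) -> bool:
    """True only when the mode validates the origin certificate and hostname."""
    ctx = make_context(mode)
    return ctx is not None and ctx.verify_mode == ssl.CERT_REQUIRED and ctx.check_hostname


def fingerprint(der: bytes) -> str:
    """SHA-256 fingerprint of a DER-encoded certificate, colon separated."""
    digest = hashlib.sha256(der).hexdigest().upper()
    return ":".join(digest[i:i + 2] for i in range(0, len(digest), 2))


def compare_certs(edge_der: bytes, origin_der: bytes) -> str:
    """Explain what identical or differing leaf certificates imply."""
    if fingerprint(edge_der) == fingerprint(origin_der):
        return "same certificate at both ends: record is DNS only (not proxied)"
    return "different certificates: proxied, visitors see the edge certificate"


def fetch_leaf_der(host: str, sni: str, port: int = 443) -> bytes:
    """Connect with full verification (the Full (strict) policy) and return the
    DER-encoded leaf certificate the server presented."""
    ctx = make_context("full_strict")
    with socket.create_connection((host, port), timeout=10) as sock:
        with ctx.wrap_socket(sock, server_hostname=sni) as tls:
            return tls.getpeercert(binary_form=True)


# Constructed stand-ins for two DER blobs, used when running offline.
SAMPLE_EDGE_DER = b"constructed-edge-certificate-bytes"
SAMPLE_ORIGIN_DER = b"constructed-origin-certificate-bytes"

if __name__ == "__main__":
    HOSTNAME = "www.example.invalid"   # placeholder: your proxied hostname
    ORIGIN_IP = "203.0.113.10"         # placeholder: your server's address
    try:
        edge = fetch_leaf_der(HOSTNAME, HOSTNAME)   # resolves to the edge
        origin = fetch_leaf_der(ORIGIN_IP, HOSTNAME)  # origin directly, same SNI
    except OSError as exc:
        print(f"network check skipped ({exc}); using constructed samples")
        edge, origin = SAMPLE_EDGE_DER, SAMPLE_ORIGIN_DER
    print("edge   :", fingerprint(edge))
    print("origin :", fingerprint(origin))
    print(compare_certs(edge, origin))
```

With the record proxied and the mode set to Full (strict), the two fingerprints differ (edge versus your Let's Encrypt certificate) and both connections still pass verification; if `fetch_leaf_der` against the origin IP fails with a certificate error, that is the same failure Cloudflare would hit in Full (strict), so fix the origin certificate rather than dropping to "Full".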

So do I need to upgrade my cloudflare plan to be able to do this?

No, Universal SSL is available on all plans.

