DNS and server certificate

We have a Cloudflare Pro account, and host DNS for a wildcard domain at Cloudflare.

We host our own webserver running on Apache.

As I understand it, when hosting DNS at Cloudflare, it automatically provides a secure connection so traffic is secured as HTTPS.

My question is: When using Cloudflare, do we also need to install a local certificate onto the Apache webserver, or is it good enough that the DNS is hosted at Cloudflare?

Absolutely! Cloudflare can help generate a certificate to secure your server:

However, a wildcard DNS entry can’t be proxied on the Pro plan, so your best bet is to use Let’s Encrypt to secure your server connection.

Thank you for the prompt reply!

When reading the page you provided, it looks like wildcard is an option?

What that means is that you can “future-proof” that certificate for any hostnames you add to DNS. It’s two separate systems: TLS/SSL, and DNS.

Your example.com/*.example.com/*.sub1.example.com/*.sub2.example.com saves a lot of time. You can add suba.sub1.example.com, subc.sub1, subd.sub2, and so on to DNS. But as I said, you can’t proxy a record like *.sub1.example.com, or even *.example.com unless you’re on an Enterprise plan. You have to manually add every DNS record that you want Proxied.

Thank you for the help.

How do I know if the installed certificate is working correctly, when the traffic is proxied via Cloudflare?

If you’re using SSL/TLS in Full (Strict) mode, and your site loads over HTTPS, then you’ll know it’s working.

I have it in Full mode, but not “Strict”. Should I change it?

I recommend strict, as it is the only secure mode.
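
One way to check the origin certificate yourself, as an added example that is not part of the thread or of Cloudflare's tooling: connect to the Apache server directly instead of through the proxy and run the checks a validating client performs (trusted chain, expiry, hostname match), then see which certificate names cover a given hostname. The function names, the `cafile` parameter and the sample SAN list are assumptions made for this example.

```python
import socket
import ssl
import sys


def name_matches(hostname, pattern):
    """Leftmost-label wildcard match, the rule TLS clients apply to SAN entries."""
    host, pat = hostname.lower().rstrip("."), pattern.lower().rstrip(".")
    if not pat.startswith("*."):
        return host == pat
    # "*" stands for exactly one label: *.example.com does not cover a.b.example.com
    head, _, tail = host.partition(".")
    return bool(head) and tail == pat[2:]


def covering_names(hostname, sans):
    """Return the SAN entries that cover hostname (empty list: not covered)."""
    return [s for s in sans if name_matches(hostname, s)]


def check_origin(origin_ip, hostname, port=443, cafile=None):
    """Handshake with the origin directly, validating chain, expiry and hostname.
    cafile (assumed parameter): PEM root to trust instead of the system store,
    for an origin certificate issued by a private CA."""
    ctx = ssl.create_default_context(cafile=cafile)
    with socket.create_connection((origin_ip, port), timeout=10) as raw:
        # server_hostname sets SNI and is the name the certificate must match
        with ctx.wrap_socket(raw, server_hostname=hostname) as tls:
            cert = tls.getpeercert()
    sans = [v for k, v in cert.get("subjectAltName", ()) if k == "DNS"]
    return {"not_after": cert["notAfter"], "sans": sans,
            "covered_by": covering_names(hostname, sans)}


# Constructed SAN list, modelled on the names discussed in the thread
SAMPLE_SANS = ["example.com", "*.example.com", "*.sub1.example.com"]

if __name__ == "__main__":
    if len(sys.argv) == 3:  # usage: script.py ORIGIN_IP HOSTNAME
        try:
            print(check_origin(sys.argv[1], sys.argv[2]))
        except (ssl.SSLError, OSError) as exc:
            sys.exit(f"origin certificate check failed: {exc}")
    else:
        for h in ("www.example.com", "suba.sub1.example.com", "subd.sub2.example.com"):
            print(h, "->", covering_names(h, SAMPLE_SANS) or "NOT COVERED")
```

A handshake failure in `check_origin` means the origin certificate would not pass validation for that hostname; loading the site over HTTPS through the proxy in plain Full mode does not show this.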