Does nginx need certs if Cloudflare manages it in front?



Silly question: does nginx need certs if Cloudflare manages it in front?

If Cloudflare manages my cert (by pressing a simple HTTPS button), do I really need to take this cert and install it on all the nginx servers behind it?

I tried to disable SSL on nginx, but nothing works; the logs ask for my cert location. It seems like I need to load certs on all my nginx servers somehow…

Thank you for your help.


In addition to what @sandro said, you can use one of the free Origin Certificates from Cloudflare. They work only with Cloudflare, but theoretically no one will go directly to the server.


Thank you Matteo for your very quick answer!

Until now I was creating my certificate using Let's Encrypt.
But with the Cloudflare HTTPS button I thought: nice, no need to update my cert on my 4 nginx servers manually.

Cloudflare automatically updates the cert.

If I download the Origin Certificate from Cloudflare and put it on my 4 nginx servers, do you mean I will no longer need Let's Encrypt, but I will still need to renew this origin cert every x months?

Thank you!



The Origin Certificate can last up to 15 years.

Also, this is the most common misconception, but not having a certificate (or having one that is expired), while supported by Cloudflare, does not actually protect from possible man-in-the-middle attacks.
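
The setup discussed in this thread, as an added example that is not part of any post above: an nginx configuration that serves a Cloudflare Origin Certificate and reduces the plaintext listener to a redirect. The hostname `example.com`, the document root and the `/etc/nginx/ssl/` file paths are placeholders, and the config assumes the certificate and key were generated in the Cloudflare dashboard and copied to each origin.

```nginx
# Added example. example.com, /var/www/html and the /etc/nginx/ssl/ paths
# are placeholders, not values from the thread.

# Plain-HTTP listener: it only redirects, so no request is answered
# unencrypted on the hop between Cloudflare and this origin.
server {
    listen 80;
    server_name example.com;
    return 301 https://$host$request_uri;
}

# TLS listener that Cloudflare connects to.
server {
    listen 443 ssl;
    server_name example.com;

    # Cloudflare Origin Certificate and its private key. It can be valid for
    # up to 15 years, so it replaces the periodic Let's Encrypt renewal on
    # each nginx host. It is trusted by Cloudflare only: a browser that
    # connects to the origin directly gets a certificate error.
    ssl_certificate     /etc/nginx/ssl/cloudflare-origin.pem;
    ssl_certificate_key /etc/nginx/ssl/cloudflare-origin.key;

    # Refuse legacy protocol versions on the origin side as well.
    ssl_protocols TLSv1.2 TLSv1.3;

    location / {
        root /var/www/html;
    }
}
```

Cloudflare only validates the origin's certificate when the zone's SSL/TLS encryption mode is set to Full (strict); `nginx -t` checks the file paths and syntax before a reload.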
