Encrypts end-to-end, using a self signed certificate on the server

Hello everyone,

I recently signed up for Bluehost.com, which offers Cloudflare CDN services. I transferred 5 domains from 1&1 and activated all 5 domains to use Cloudflare CDN. Only 1 domain has been activated for FULL “Encrypts end-to-end, using a self signed certificate on the server”, and the remaining 4 domains are configured as FLEXIBLE “Encrypts traffic between the browser and Cloudflare”, and I am not able to enable FULL “Encrypts end-to-end, using a self signed certificate on the server” for them.

How do I troubleshoot/solve this issue?

Any advice and suggestions are greatly appreciated.

Thanks,

David

Even Full does not offer fully secure encryption as a middle-man could still intercept these requests. Only Full strict is really secure in this context.

What you have to do is to configure either a publicly trusted certificate on your server or a Cloudflare Origin certificate. Once that is in place you need to switch to Full strict and you should be good to go.

I really appreciate that information Sandro and will follow up with creating a trusted certificate.

What puzzles me is that 1 out of 5 domains was automatically configured to FULL without me doing anything to it, while the remaining 4 stayed at Flexible.

Anyway, I agree the best route is to install the certificates and enable FULL STRICT.

Thanks again,

David

It might be that one domain is reachable via HTTPS while the others aren't. But that is rather speculation.

As you mentioned the right way forward is to configure valid certificates and use Full strict.

Hi Sandro. I wanted to share my latest findings.

Basically, if you sign up to a host provider (Bluehost) that has a partnership with Cloudflare and you add the domain from the host provider cPanel, then you will not have access to making any changes to the encryption options I mentioned above.

The way you solve the above issue is not to use the cPanel or webpage from host provider to add your domains to Cloudflare and just add your domains directly to your Cloudflare account and then point your nameservers as suggested to Cloudflare.

The reason 1 of 5 domains was allowing me to make the changes to origin server encryption settings was that I accidentally added it first to Cloudflare. 🙂

I really appreciate your help and thought this additional information would benefit you and everyone reading this post.
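
Added example, not part of the original posts: a Python check an administrator can run against their own origin server to see whether its HTTPS listener would pass certificate validation (what Full strict requires), only speaks TLS with a certificate that does not validate (Full), or is not reachable over HTTPS at all (Flexible only). The function name, the return labels and the `cafile` parameter are assumptions of this example; `cafile` is meant for a locally saved Cloudflare Origin CA root when an Origin certificate is installed instead of a publicly trusted one.

```python
import socket
import ssl
import sys


def probe_origin(host, port=443, server_name=None, cafile=None, timeout=5.0):
    """Probe an origin's HTTPS listener and return (label, reason).

    The labels are this example's own shorthand for the strictest mode in the
    thread that the origin could support; they are not Cloudflare API values.
    """
    name = server_name or host
    # Default trust store = publicly trusted CAs. cafile is an optional extra
    # root (assumption: a locally saved Cloudflare Origin CA root, PEM).
    ctx = ssl.create_default_context()
    if cafile:
        ctx.load_verify_locations(cafile=cafile)
    try:
        with socket.create_connection((host, port), timeout=timeout) as raw:
            with ctx.wrap_socket(raw, server_hostname=name):
                pass
    except ssl.SSLCertVerificationError as exc:
        # TLS is spoken, but the chain, hostname or validity check failed
        # (e.g. a self-signed certificate): encrypted, not authenticated.
        return "full", exc.verify_message
    except OSError as exc:
        # Refused, timed out, or not TLS at all (ssl.SSLError is an OSError).
        return "flexible-only", f"{type(exc).__name__}: {exc}"
    return "full-strict", "certificate chain and hostname validated"


if __name__ == "__main__":
    target = sys.argv[1] if len(sys.argv) > 1 else "127.0.0.1"
    print(target, probe_origin(target))
```

To test the origin itself rather than the Cloudflare edge, pass the origin's IP address as `host` and the site's domain as `server_name`.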