Hello, security community,
For us, Cloudflare has one main problem with Origin Cloudflare CA certificates, which you install on your host and then set SSL to full strict.
The problem is that when you need to do development and switch to development mode or disable CF, Chrome or anti-virus software will block the website because of the CF certificate.
This means that for development we always have to delete the CF certificate, install a Let’s Encrypt certificate, do the development, and, after development is finished, install the Cloudflare CA certificate again and set SSL to full strict.
That’s very annoying imho, and I did not see any solution in the Cloudflare forum.
Some might argue: What about free Let’s Encrypt SSL? It is available on many hosting providers and it is automatically renewed after 6 months. So once you enable it, it will continue to work for free, without manual renewal.
Unfortunately, it does not work.
Let’s Encrypt only allows automatic renewal when the DNS lookup reveals the host IP.
Since Cloudflare does not reveal the host IP, Let’s Encrypt will not automatically renew when Cloudflare is active.
Moreover, you cannot renew manually when Cloudflare is active. In addition, when you do a CSR, it will not help. For all options above, you will land in redirect loops (ERR_TOO_MANY_REDIRECTS) because of HTTPS > HTTP loops once a certificate is expired (on SSL mode full).
So - has anyone faced this problem? And how could it be solved?
I would like to keep the Origin Cloudflare CA certificate and Full Strict SSL, but once Dev mode is needed this solution fails because Chrome and other browsers as well as Anti-Virus Software will block access to the websites using Origin Cloudflare CA.
Thank you for reading this long description; I hope you have an idea.