How to disable ssl cloudflare


#1

Hi,

How is it possible to disable the ssl of cloudflare and use the ssl of my origin webserver only ?

Regards
Marcel


Ssl of origin not used
#2

By disabling proxying (switching :orange: to :grey:). Keep in mind though, this will point straight to your machine and you will lose the security features of Cloudflare.


#3

Hi,

yeah i know that is an option, but i prefer to only disable ssl and that my origin ssl (cpanel issued) ssl is active and to remain all the other security features of cloudflare. is this possible ?

regards
Marcel


#4

That is not possible, unless you change to a Business plan which will allow you to import your own certificate. Why would you prefer your own certificate?


#5

In my experience having as much as possible running from your origin server, so no external js/css/image files etc is best for the performance, so also using my local ssl is i think best performance wise.


#6

It wont make any difference performance-wise. You will still have two SSL handshakes and two certificates involved. If you are worried about that disabling the proxy will be your only option.


#7

Ok, about caa records, which caa record do i have to set if using cloudlfare.com ?
0 issue “cloudflare-com” or comodoca-com or another one ?


#8

Setting up CAA records might not be the best idea as the issuer can change and if you do not update this in time it might render your site unavailable, but that would something best to clarify with support.


#9

btw, when i turn off the proxy, are then also functions like “caching” becoming inactive ?
in fact are all functions like firewall, caching, speed, workers etc not active anymore ?


#10

Precisely, what I mentioned earlier. If you want to use more than Cloudflare’s DNS you have to use proxying.


#11

Ok thx, thought this was the case, but not 100% sure… now i am :slight_smile:


#12

I want to disable ssl of cloudflare and use the ssl of my origin server.
however after disabling the ssl and set the ssl to “flexible” or “full” the websites stil
don’t take the ssl of my origin. How come and how can this be fixed ?


#13

Groundhog day?


#14

They will be automatically added by Cloudflare as needed and removed upon certificate issuance. Add a simple CAA record to alert you of mosissuances and everything will work.