Hi,
My host provider is using cPanel.
From Cloudflare I have enabled full mode for SSL here : Screenshot by Lightshot
But from host provider is using cPanel. impossible to generate the SSL certificate, even If I choose http-01 or dns-01 validation method.
Is there something to setup on Cloudflare dashboard to allow connection between my server and cloudfalre DNS area?
Thanks
L.
any feedback?
That’s a mistake, that should be Full Strict, otherwise you still have no secure site.
The easiest thing for you will be to get an Origin certificate from Origin CA certificates · Cloudflare SSL/TLS docs.
ok but in this case, is it necessary to generate a SSL certificate from cPanel from my host provider?
No, Clouflare provides you with the certificate and the key and you just need to configure it on your server.
ok so then, when the certificate will be renewed, this will be done automatically or an action will have to be done from my host provider?
You will need to reissue it manually.
However, you could automate it with the API - Cloudflare API v4 Documentation
ok so can I use Cloudflare but using the certificate provided by my host provider?
You certainly can, the proxies work with all publicly recognised CAs.
so If I use my host provider certificate, is there any special setting I need to enable or disable from Cloudflare dashboard?
No, if your site loads fine on HTTPS and has a valid certificate, it will work out of the box.
Just make sure you are on Full Strict.
No, you need that. That’s the proxy certificate, but that’s managed by Cloudflare anyhow.
ok.
I have enabled FULL STRICT, but now from my host provider cPanel, I’m unable to generate a certificate (through let’s encrypt).
with http-01 I get this error Screenshot by Lightshot
with dns-01 I get this error Screenshot by Lightshot
and error from web browser Screenshot by Lightshot
That’s why I suggested an Origin certificate.
There are sometimes issues issuing a certificate when using Cloudflare and these are mostly HTTPS related. It’s best to contact your host about that and you could possibly disable the HTTPS redirect on Cloudflare.
But again, an Origin certificate is easier.
ok but if they disable HTTPS redirection, Cloudflare will be useless no?
Not at all, it will just not automatically redirect.
I’d really suggest to get an Origin certificate, plus to use the search, as that topic has been discussed quite a few times.
yes I agree with.
about certificate renewal from Cloudflare I can use the API.
but from my host provider I want to avoid doing it manually because I have many websites to manage
Fair enough, all you need is a valid certificate. Either an Origin certificate or a publicly trusted one.
If there are any issues, it’s best to contact your host for that and you can also follow aforementioned steps to make sure any verification requests go through.
Ok I will try with my host
many thanks 