I installed Runcloud on my server and have two web applications there with two domain names connected to Cloudflare.
Regarding the SSL now, I don’t know which to choose: Let’s Encrypt or a custom SSL (where I put the 15-year certificate I get from CF)?
Runcloud’s support told me to disable Cloudflare’s DNS proxy if I want to use their Let’s Encrypt certificate. But I don’t want to disable CF obviously.
Any help please?
Go for this route and then make sure the domain is proxied.
Cloudflare will automatically generate the edge certificate for you that users see and then Cloudflare & your Runcloud instance talk over HTTPS using the 15-year origin certificate.
User <edge certificate> Cloudflare <origin certificate> Runcloud
So I shouldn’t install Let’s Encrypt at all and go with the custom route and install CF’s 15-year certificate on Runcloud?
If you have the ability to run certbot (the most popular Let’s Encrypt issuance tool) on your server, that would be my preferred route, as it’ll give you a “real” trusted SSL certificate that’ll work with both grey-clouded and orange-clouded traffic, with automatic renewal. (Be sure to test that automatic renewal is actually working.) And it’s usually pretty easy to get up & running.
The 15-year Cloudflare origin certificates are fine, a good option for when you can’t run certbot, but they only work with orange-cloud traffic, so you won’t be able to grey-cloud your DNS entries or use the “pause Cloudflare” option.
Personal preference, really.