I have an SSL certificate installed on my site with my hosting provider (Bluehost) and wanted to implement Cloudflare, but when I go through the setup wizard through my hosting dashboard (Bluehost is a partner), I get a warning that if I try to set it up on a secured site, it will malfunction.
I understand that there’s a shared certificate that encrypts traffic between Cloudflare and my users, so if I uninstall my Bluehost certificate and depend only on this, will the traffic between Cloudflare and my server be unencrypted, and will my users not be able to use HTTPS urls?
(I don’t use Bluehost, so I’m making some wild assumptions here.)
It looks like the Bluehost integration with Cloudflare has significant limitations. One appears to be that you can only use Flexible SSL.
Cloudflare’s basic mode cannot handle SSL certificates. If you need to use an SSL certificate, that part of your site needs to be on a subdomain that is not protected. [1]
This suggests to me that Bluehost require you to remove the SSL certificate from the Cloudflare origin. If you do this your users will continue to connect to the hostnames using a Universal SSL certificate, but traffic between Cloudflare and your server will be unencrypted.
You could try setting up an independent Cloudflare account (not using the Bluehost integration) and see if you can leave the Bluehost certificate in place, and set your Cloudflare account to use SSL mode “Full (Strict)”. This may not be possible.