I just recently subscribed to Cloudflare to manage all my servers and I would like to get some advice from experienced people here! I have been reading the Cloudflare documentation and some YouTube videos, but have not found the proper way to secure all my servers behind the same domain.

First I will explain how my setup is:

I have two office servers, both of them hosting some websites on different networks. One of them runs Ubuntu 14, and the other one is a Hyper-V host with two virtual machines, each with IIS 8, and both of them set to ports 80 and 443. One of those I access with the default 80:443 ports, and the other one with custom port forwarding to 80 and 443. These servers are accessed by employees and by clients.

Also, I have the main business website hosted at WIX.

I have CNAME records set for every website.

So my questions are:

a) How can I properly secure all these servers with Full (non strict) encryption mode?

b) Can I use the same Origin CA cert for every server? And do I have to set all the CNAME records in the cert, or just the wildcard?

c) How do I set up Cloudflare to access the IIS server set to a custom external port with port forwarding? I cannot reach it with http(s)://

I hope I explained myself well, sorry if not! English is not my native language.


a) Bad idea…but it looks like you can remedy it in b)
b) An Origin CA cert can be full of all the hostnames (including wildcards) you can think of:

List the hostnames (including wildcards) on your origin that the certificate should protect. By default your origin certificate covers the apex of your domain ( ) and a wildcard ( * ). If there are others you wish to add, e.g., those not covered by the wildcard such as , you can add them below.

Warning on “” is that you’ll need a special Edge Certificate for a subdomain that deep.

c) For starters, Cloudflare works best on sites currently working with HTTPS on “standard” ports. The easiest fix is to not use Port 5555, but reconfigure your server to use one from the list below:

If you can’t reconfigure the server, you’ll need a Worker, or the Portzilla App service to map Port 80 or 443 to 5555, but that means that 5555 will no longer be the port number you would use externally.
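As an added illustration of the point in b) (not part of the original posts): a wildcard SAN such as `*.example.com` stands in for exactly one DNS label, so it covers `intranet.example.com` but neither the apex nor a hostname two levels deep. The checker below applies that rule to a constructed SAN list; the domain and hostnames are made up.

```python
"""Check which hostnames an origin certificate's SAN list would cover.

Wildcard matching follows the usual rule (RFC 6125, section 6.4.3): a
wildcard replaces only the leftmost label, so `*.example.com` covers
`app.example.com` but not `api.app.example.com` and not `example.com`.
"""
from typing import Iterable, List


def _san_matches(pattern: str, hostname: str) -> bool:
    """Match one SAN entry against a hostname (case-insensitive, trailing dot ignored)."""
    pattern = pattern.lower().rstrip(".")
    hostname = hostname.lower().rstrip(".")
    if not pattern.startswith("*."):
        return pattern == hostname
    suffix = pattern[1:]  # "*.example.com" -> ".example.com"
    if not hostname.endswith(suffix):
        return False
    # The part the wildcard stands in for must be exactly one non-empty label.
    leftmost = hostname[: -len(suffix)]
    return bool(leftmost) and "." not in leftmost


def covered_by(san_names: Iterable[str], hostname: str) -> bool:
    """True if any SAN entry in the certificate covers the hostname."""
    return any(_san_matches(san, hostname) for san in san_names)


def uncovered_hostnames(san_names: Iterable[str], hostnames: Iterable[str]) -> List[str]:
    """Return the hostnames the certificate would NOT protect, in input order."""
    sans = list(san_names)
    return [h for h in hostnames if not covered_by(sans, h)]


# Constructed example: the default apex + wildcard SAN list, plus the
# hostnames an office setup like the one in the thread might need.
EXAMPLE_SANS = ["example.com", "*.example.com"]
EXAMPLE_HOSTS = [
    "example.com",
    "intranet.example.com",
    "clients.example.com",
    "portal.office2.example.com",  # two labels deep: the wildcard does not reach it
]

if __name__ == "__main__":
    for host in EXAMPLE_HOSTS:
        state = "covered" if covered_by(EXAMPLE_SANS, host) else "NOT covered"
        print(f"{host}: {state}")
```

Any hostname the checker reports as NOT covered needs its own SAN entry on the Origin CA cert (and an edge certificate that reaches that depth).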


Thank you so much! I did not expect an answer so fast!

I just want to get the Origin CA temporary, to see if I can set up everything first, and then get Full (strict) when possible.

I already set the port to one supported by Cloudflare, and now I can access the website!

I will try to get the certificate working. I hope it is not hard to do! I have been struggling with IIS to get the certificate working.

Thank you so much!

