New user - need some help/info re SSL and DNS options

We currently host a load of sites with 20i.com. They offer free Let’s Encrypt SSL, but it only works if you use their nameservers, which isn’t the case for most of our sites. We can install low-cost third-party SSL certificates, but at every annual renewal, because of how their load balancers work, we get anything from 10 minutes to an hour where the site shows as insecure as the old cert is removed and the new one applied.

Wondering if Cloudflare could give us a better alternative for SSL and caching but have questions as follows:

Does the website hosting package need to have its own SSL in addition to the Cloudflare SSL?
Do you have to use Cloudflare nameservers for DNS management to have access to the free SSL option?

Any help on this very much appreciated! Thanks

Using a proxy service to provide SSL on the front end while your origin server doesn’t use SSL isn’t recommended any more since you can get origin certificates for free. Not securing the connection between Cloudflare and your origin means your users’ data is not secure end-to-end.

So you still need a certificate on your origin, but you can use a free Let’s Encrypt one, which you should be able to update without downtime, or you can use a Cloudflare origin certificate and issue it for 15 years so it doesn’t need updating at all (note this certificate is only trusted by Cloudflare, so it needs to be used with the Cloudflare proxy).

Cloudflare will create and update the SSL certificate that’s used on the edge for clients to connect to with no downtime as long as you use the proxy.

See here for details…

Yes, if you want free. Business or Enterprise plan is required for a Partial Setup…

Thanks for the quick reply, that is very helpful. Seems a bit catch-22 in my scenario - required to use 20i nameservers in order to get SSL on the hosting package, required to use Cloudflare nameservers to get SSL via Cloudflare… Not really sure what the best solution is here.

Hello,

You could use us with our nameservers to get the free USSL certificate at the edge. Then using one of our origin certificates you can secure the connection from end to end. As mentioned by @sjr this certificate will only work with Cloudflare when records are proxied. If you use us you will get a free edge certificate that is listed below.
