Questions regarding SSL

Hi good people.

I would like to start using Cloudflare on my hosting, but they are a partner of Cloudflare and they have some silly settings like the website can use only cloudflare with www. and without, they cannot activate it and so on. When used through them, the dns server is showing them.

I’ve added the website to point to dns of cloudflare, added the correct cname in order to be able to add the website to my hosting provider, rerouted it and it works. The thing is, I cannot add the SSL Letsencypt certificate on my hosting when I am not using their DNS, so on the hosting side there is no SSL, but using the SSL checker, I keep getting message that everything is ok with the SSL.
On the Cloudflare, the setting for SSL is full.

I though that I need to have SSL on the webhosting as well in order to be able to use full and have properly configured ssl?

Thank you all!

You do.

Can you install a custom certificate on your server? In that case you could simply get an Origin certificate from Cloudflare and upload that to your server, in which case “Full strict” will work out of the box.

https://support.cloudflare.com/hc/en-us/articles/115000479507-Managing-Cloudflare-Origin-CA-certificates

I cannot.

That is the problem.

I cannot generate a new Letsencrypt SSL on the server, because DNS is not pointing to them, but to Cloudflare and I cannot add the custom certificate.

But the domain is working for now somehow.

That would suggest you are using Flexible, which means there is no real encryption in place.

You best talk to your host about that, but from your description it would seem as if you could only use their Cloudflare integration and not a full account.

1 Like

Thank you. I did already and it is how they are set up. They argue that you need to have a domain on their server for Lets Encrypt, which I don’t want.

They will look into it, but I am looking into other hosting providers in Europe anyway. If there are any suggestions, would be very grateful.

Depending on how they have the certificate issued they actually might need to control the nameservers, however if you could simply skip the LE certificates and provide your own, that would be a non-issue.

As for providers, I am afraid there are way too many to give a proper suggestion.

This topic was automatically closed after 31 days. New replies are no longer allowed.