SSL - CloudFlare

Quick question…

Do I need to purchase an SSL from a third party like GoDaddy and use that with CloudFlare or can I just install CloudFlare Origin Certificates onto my server? And that will be fine?

Actually, no need to purchase it nowadays - at least from my point of view.

Except, there are some cases where people have deep sub-domain levels like www.sub.domain.com or sub.sub.sub.domain.com. In these particular cases, I would suggest purchasing an SSL certificate by using Advanced Certificate Manager at Cloudflare. More information about ACM can be read at the below link.

For the above-mentioned “deep sub-domains”, if interested or if you actually have this situation, you can find more information at the below two articles:

Nevertheless, depending on the access level and knowledge skills we have, we can set up a Let's Encrypt SSL certificate (or using Certbot) at our origin host / server for our domain(s) for free and renew it when needed (usually every 3 months or so if I am correct about it as far as I remember).

It is recommended that your Website works over HTTPS (having a valid SSL certificate properly installed at your origin host / server) before moving to Cloudflare (due to security measures, also it’s 2021 at the end and almost 2022 so make our Websites even more secure both for ourselves and our visitors :wink: ).

In case you do not have an SSL certificate, you can use a Cloudflare Origin CA Certificate. If so, kindly make sure you follow the instructions in the below article to set up an SSL certificate at your origin host/server.

Furthermore, I use this approach and I would vote for this (in case you do not have an SSL certificate, be it either purchased from some SSL provider or generated by Let’s Encrypt) :wink:

Note: Cloudflare Origin CA Certificate works only for Web (HTTP(S)) traffic (not for e-mail!). So in terms of, if you host/serve e-mail from the same server or not, either you would have to have an SSL certificate which covers both your naked domain and mail (including some other sub-domains like www, etc.)

Hostnames (DNS records) using the Cloudflare Origin CA Certificate should be :orange: (proxied), otherwise using it on :grey: (DNS-only, unproxied) DNS records would result in an SSL warning/error in the user’s Web browser.

Helpful article including step-by-step instructions can be found at the below link:

Sure! Nevertheless, do not forget to select the Full (Strict) SSL option under the SSL/TLS tab of the Cloudflare dashboard for your domain name.

Just in case, sharing some useful tutorials/articles regarding SSL below.

Here is a way to re-check if you correctly set up the SSL for your domain with Cloudflare:

Regarding available SSL options at Cloudflare dashboard, check here:

If any other issues appear, follow the needed steps for troubleshooting from article below:

Cloudflare Help Center also contains useful information about SSL which can be found at the below link:

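The rules in the answer above (deep sub-domains, proxied vs. DNS-only records, e-mail hosts) can be checked mechanically before switching to Full (Strict). The following is an added example, not part of the original posts: the zone `example.com`, the sample records (shaped like Cloudflare API DNS record objects with `type`, `name`, `content`, `proxied`) and the finding labels are all constructed for illustration, and it assumes the origin serves only a Cloudflare Origin CA certificate.

```python
# Added example: audit DNS records for a zone whose origin uses an Origin CA cert.
ZONE = "example.com"  # placeholder zone

# Constructed sample records (not taken from the thread).
RECORDS = [
    {"type": "A", "name": "example.com", "content": "192.0.2.10", "proxied": True},
    {"type": "CNAME", "name": "www.example.com", "content": "example.com", "proxied": True},
    {"type": "A", "name": "www.sub.example.com", "content": "192.0.2.10", "proxied": True},
    {"type": "A", "name": "mail.example.com", "content": "192.0.2.10", "proxied": False},
    {"type": "MX", "name": "example.com", "content": "mail.example.com", "proxied": False},
]

def depth_below_zone(name, zone):
    """Number of labels in front of the zone apex (apex itself is 0)."""
    if name == zone:
        return 0
    if not name.endswith("." + zone):
        raise ValueError(f"{name} is not inside {zone}")
    return name[: -len(zone) - 1].count(".") + 1

def audit(records, zone):
    """Return (hostname, finding) pairs; finding labels are hypothetical."""
    mail_hosts = {r["content"].rstrip(".").lower()
                  for r in records if r["type"] == "MX"}
    findings = []
    for r in records:
        if r["type"] not in ("A", "AAAA", "CNAME"):
            continue
        name = r["name"].rstrip(".").lower()
        # Deeper than one level: not covered by the default edge certificate,
        # the case where the answer suggests Advanced Certificate Manager.
        if r["proxied"] and depth_below_zone(name, zone) > 1:
            findings.append((name, "deep_subdomain_needs_acm"))
        # DNS-only: browsers reach the origin directly and see the
        # Origin CA certificate, which they do not trust.
        if not r["proxied"]:
            findings.append((name, "dns_only_with_origin_ca"))
        # Origin CA covers web traffic only, so MX targets need another cert.
        if name in mail_hosts:
            findings.append((name, "mail_host_needs_public_cert"))
    return findings

if __name__ == "__main__":
    for host, finding in audit(RECORDS, ZONE):
        print(f"{host}: {finding}")
```
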

Great. Thank you for this feedback. Awesome!


I am happy to assist you :wink:
