SSL question existing certificate

I haven’t set up my site with Cloudflare yet, but I currently have a RapidSSL certificate on my server. When I set up Cloudflare what do I do with options for Cloudflare SSL?

Welcome to the community!

You will be able to use your RapidSSL certificate in your server without issues. However, it won’t show to end users, since Cloudflare will deploy its own SSL certificate on their servers.

If you want to upload your custom SSL into Cloudflare, you’ll need to purchase the Biz plan first.

Hope it helps!

So would I be able to just use the Cloudflare ssl when my other one expires?

Yes, but you’ll need to install, for example, an Origin Server certificate in your server instead.

That sounds confusing; I’ve tended to let my hosts sort it out up till now.
Would it be best to have a separate one on the server like I have now?

You will always need a certificate on your origin server in addition to the certificate that is on Cloudflare.

Ok, if I have a TXT file in DNS settings on my server for that SSL (Digicert require this for proof of domain ownership) do I have to put that into Cloudflare DNS as well?

For that TXT record, or any record, to resolve, it needs to be in your authoritative DNS, which is whatever you set in your domain registration. This means if you moved your DNS to Cloudflare and neglected to add the TXT record, it is currently missing.

You don’t have to renew the certificate from the current provider. If your host supports it, you can use Let’s Encrypt to automatically obtain free certificates. You could alternately install a Cloudflare Origin CA certificate if you will only accept traffic through Cloudflare.

If that particular DNS TXT entry on my server doesn’t have a hostname, just a value/content, what would I enter into hostname, as it says it’s required on Cloudflare?

You can use an @ when you need to reference the apex domain without a hostname.

I’m trying to add Amazon SES DNS but it’s not allowing me. When I copy what I have on my server it is saying:
DNS Validation Error (Code: 1004) This record type cannot be proxied.

Have you clicked the link to 1004 in your post and searched for proxied?

I didn’t realise that. I assume it will work OK with it not proxied.

What is the record type?

Three CNAME entries

Oh, yes. Those definitely must not be proxied in your situation.

When you proxy a CNAME through Cloudflare, A and AAAA records that point to Cloudflare are published rather than a CNAME. If the target of the CNAME is not an A or AAAA record, that is not going to work out. I expect that your CNAMEs resolve to TXT records, which would require you to set them to DNS Only.

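A pre-cutover check that ties together three points from this thread (a TXT record left out of the new zone, `@` standing for the apex, and CNAMEs that must stay DNS Only), as an added example that is not from any poster or from Cloudflare. The zone name, record values and the rule that an underscore-prefixed label such as `_domainkey` marks a non-web record are assumptions constructed for illustration.

```python
"""Pre-cutover audit: old zone vs. records entered at the new DNS provider."""

PROXYABLE = {"A", "AAAA", "CNAME"}  # other types (TXT, MX, ...) are DNS-only


def fqdn(name, zone):
    """Expand '@' (the apex) and relative names to an absolute lowercase name."""
    name, zone = name.strip().rstrip(".").lower(), zone.rstrip(".").lower()
    if name in ("@", ""):
        return zone
    return name if name == zone or name.endswith("." + zone) else f"{name}.{zone}"


def key(rec, zone):
    """Normalise a record to (name, type, content) so both sides compare equal."""
    rtype, content = rec["type"].upper(), rec["content"].strip()
    content = content.strip('"') if rtype == "TXT" else content.rstrip(".").lower()
    return fqdn(rec["name"], zone), rtype, content


def audit(zone, old_records, new_records):
    """Return (records missing from the new zone, proxied records that should not be)."""
    have = {key(r, zone) for r in new_records}
    missing = [k for k in (key(r, zone) for r in old_records) if k not in have]
    wrongly_proxied = []
    for rec in new_records:
        name, rtype, _ = key(rec, zone)
        # Assumption: an underscore-prefixed label (_domainkey, ...) marks a
        # verification/service record, not a web host that can sit behind a proxy.
        service = any(label.startswith("_") for label in name.split("."))
        if rec.get("proxied") and (rtype not in PROXYABLE or service):
            wrongly_proxied.append((name, rtype))
    return missing, wrongly_proxied


# Constructed sample data (documentation names and addresses only).
OLD_ZONE = [
    {"name": "@", "type": "A", "content": "203.0.113.10"},
    {"name": "@", "type": "TXT", "content": '"constructed-validation-token"'},
    {"name": "tok1._domainkey", "type": "CNAME", "content": "tok1.dkim.example.net."},
]
NEW_ZONE = [
    {"name": "example.com", "type": "A", "content": "203.0.113.10", "proxied": True},
    {"name": "tok1._domainkey.example.com", "type": "CNAME",
     "content": "tok1.dkim.example.net", "proxied": True},
]

if __name__ == "__main__":
    missing, wrongly_proxied = audit("example.com", OLD_ZONE, NEW_ZONE)
    print("missing from new zone:", missing)
    print("must be DNS Only:", wrongly_proxied)
```

Running the audit before changing nameservers at the registrar catches a dropped validation record while the old zone is still authoritative.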

Thanks,
I’ve set up everything now then I think but I have an issue where on the DNS page it says

Cloudflare protection for your domain is in a pending state while we verify ownership. This could take up to 24 hours to complete. Learn more about [pending domains] ‘link that I can’t post on here’

My website itself says ‘Pending nameserver update’ but don’t feel I can make the nameserver changes until that message above has gone.


Great posts

It’s the other way around - the message won’t disappear until after you make the change at your domain registrar.


Oh right, I was wary of changing it and my website not working.

And the other thing is, in the edge certificate section I have nothing there and it’s not letting me choose the Universal SSL.

Those get provisioned once the zone is active.
