Step 2: Setting up SSL with Cloudflare

This tutorial covers getting SSL working with Cloudflare in various different scenarios.

This assumes you already have your website set up on Cloudflare with all your DNS records set to :grey:, if not - please visit Step 1.

Do you want the website to use HTTPS?

Yes

Do you already have a valid SSL certificate installed on your server (i.e. does it already load over HTTPS with a :ssl:)?

Yes

If your website already works over HTTPS, you can just set your SSL mode in Cloudflare to Full (strict) in the SSL:TLS Button app in your Cloudflare dashboard.

And enable ‘Always Use HTTPS’ under |151px;x56px; if you want all visitors to go to the secure version of your site.
image

You should then move on to step 3 to enable the :orange: and Cloudflare’s services on your site.

No

You should install a certificate on your server, you can get a free Cloudflare Origin Certificate, a free certificate from Let’s Encrypt, or one from your web hosting provider or another certificate authority.

You can then set your SSL mode in Cloudflare to Full (strict) in the SSL:TLS Button app in your Cloudflare dashboard.

And enable ‘Always Use HTTPS’ under |151px;x56px; if you want all visitors to go to the secure version of your site.
image

You should then move on to step 3 to enable the :orange: and Cloudflare’s services on your site.

An alternative which is NOT RECOMMENDED, is to use Cloudflare’s Flexible SSL mode on your site without configuring a certificate. This can, however, cause issues and errors and is NOT SECURE! You can read Why flexible SSL mode is not the best choice



No

In the SSL:TLS Button app in your Cloudflare dashboard, set your SSL mode to ‘Off’ and make sure there are no redirections to HTTPS on your server or in Cloudflare. Check your page rules and the ‘Always use HTTPS’ and ‘Automatic HTTPS Rewrites’ settings under |151px;x56px;.

You should then move on to step 3 to enable the :orange: and Cloudflare’s services on your site.


You can read more about the different SSL modes in this tutorial.

Video - Introduction to SSL and Cloudflare’s Options

Credit to @albert for the fantastic explanation here.


If you have completed this, it looks like you are ready to move on to Step 3: Enabling the 'Orange Cloud'!



This tutorial is one in the ‘Getting setup with Cloudflare’ series. They are listed below:



Tutorial Reference: CT-02

Reviewed: 07/21

This is a Community Tutorial, most are wiki posts, so can be contributed to by Regulars and MVPs here. If there is a tutorial you would like to see, you can request one here.

If you would like to provide any feedback on this tutorial, please post in the #Meta category, tag your post #TutorialFeedback and let us know the Tutorial Reference above.

Other great resources on this community include the Community Tips . These address best practices when configuring Cloudflare, how to fix issues you may see, and tools to troubleshoot. Also you can view Expert Tips, great posts on the community from people in the know that may help you with your issue.

We encourage users to check out these great resources and the Cloudflare Support Centre before posting


7 Likes
Step 3: Enabling the 'Orange Cloud'
Community Tutorials
Error 526: SSL Problem
Community Tip - Fixing NET::ERR_CERT_COMMON_NAME_INVALID
Ssl Usage of Cloudflare
HTTPS error: SSL connect attempt failed error:14094438:SSL routines:ssl3_read_bytes:tlsv1 alert internal error
DNS record seem to not being propagated properly
Failed to communicate with server
New WordPress Plugin Update Crashed Site
Site works perfect on http but not https
Blog.facilsistemas.com.br
Can't edit or create Wordpress post while proxied by Cloudflare
CNAME SSL Problems
Cloudflare gives ssl error in some browsers
Changed nameservers and now my sites down
Site Down, DNS Not propogating. Help!
Redirect Loops and Redirect Chains
522 Errors in recent days
How to renew my ssl that is expired?
My registar for my domaine is cloudflare but
Error 522 - Can't find the problem
I need SSL for my custom domain for teachable. Need it from you as my new hosting platform
Error 522 when proxied | no problem when DNS Only
Getting 521 error sometimes and then resolves itself after few mins
Hello My site can't connect to the backend
My website is not running properly with JetPack?
Admin session on Jommla 4
Mixed Content. but the 'frame' points to the wrong port!
Proxied Cloudflare to Plesk
Error 525 Showing on my Website
Cloudflare 502 errors today WPO Wordpress
Search Contest 2021 infection?
Kemp Load Balancer
Cloudflare Redirection Issue Unable to solve
World4you cloudflare installation on Austrian server
Error 520 Web server return unknown error
Images missing/not loading - wordpress website
Error using CDN "Failed to load assets using CDN URL provided."
How to completely integrate a website from scratch
Cache issues with Ezoic
Getting an SSL Certificate
IP address of cloudflare server when displaying error message
Admin session on Jommla 4
CloudFlare proxied websites don't work on Virgin Media but do on EE and some U.S providers
Wordpress admin panel blocked
My connection is not Private. How to resolve this on my *.com website
Error 525 SSL handshake failed blogger
Error 522 - packets
Sqaurespace SSL cert issue
My subdomain is giving 404 error
Issue with 522 Errors
Domain and Subdomain Down
502 error after activate cloudflare
Pending Nameserver Update (4+ days) .ch domain Godaddy
403 on gRPC connection?
Error 521 - Unable to have support
Host error
Wordpress on http on Cloudflare https
Subdomains not working! (Godaddy site, cpanel hosting)
Closed the connection
Firewall Rule not working for me
Error 520 problem for two minutes?
520 errors related to Caching...?
Error 5xx log page admin
Aether Addic
Blocked just adding code to site
Is gRPC without TLS proxied or blocked?
Cloudflare ssl and subdomans
Images are broken on website after setting cloudflare
502 Bad Gateway, only when going through Cloudflare
Unable to add records
My site is DOWN basically. REFRESH error message
Ssl cert ( Edge Certificates : initializing )
Error: DNS_PROBE_FINISHED_NXDOMAIN
Error 520, Web server is returning an unknown error
Follow-up question for Sandro and Donmj - Secure Server while on HubSpot Email marketing
Run 2 scheduled workers within 5 seconds of each other
I have a problem with ssl
How to fix issue "Error 525: SSL handshake failed"
Best practice - multiple domains on one origin server
Cloudflare settings when you first set it up
WordPress site health scan issues - 3 nos
Istanbul cloudflare errors 525 but frankfurt doesn't
Enable Cloudflare to my website and getting the following error
Error 522 even I configure iptables and firewall
How to enable cloudflare for all page site
Website goes down after changing nameserver to Cloudflare nameserver with 404 errors
Status: Failed - HTTPS SSL Certificate failed to be processed
How to use the Cloudflare just one sub-domain without change the main domain
Since new Cloudflare Webinterface server not accessible anymore
SSL handshake failed/Error 525
Initial set up and Error 525 - SSL Handshake failed
Why do I keep having 520 error on my website
Cant get access to cpanel
Ssl not working on 1% (website not secure)
My Wordpress Site throws 520 error
Ssl not work after re-enabling Universal SSL
Error 520 on my website
Changing DNS records and A record
520 Error – no error logs triggered
Root domain resolves, www subdomain causes 520 error
Ghost integration
Site showing Not Secure with Cloudflare SSL
Bad server it make my website stop not work when i buy argo make issue then website stop
Cloudflare All-time-classic: How to fix Error code: SSL_ERROR_NO_CYPHER_OVERLAP
I am receiving a 502 error page when I test my button on my facebook business page
I am receiving a 502 error page when I test my button on my facebook business page
Can't get Origin Server certificate to work with webmail or imap/pop3/smtp
VPS + Cloudflare + Cpanel email
Universal SSL grayed out
520 and origin error, no hosting support
Domain keeps redirecting to a random site
One my subdomain not load properly with cloudflare access, working fine if not proxied ( gray cloud )
Uploads to my website stall if using cloudflare reverse proxy
Error 520. Web server is returning an unknown error
520 cloudflare error
I'm having 520 error I have contacted my hosting the problem is not from them
Force http1.1 from Tunnel agent to origin?
SSL - CloudFlare
I am trying to connect my VPS origin server with Cloudflare but I am continuously getting Error 522. I have my server running on Amazon lightsail and have connected to it accurately by DNS settings
No puedo abrir una pagina
Community Tip - Sicherheits-FAQ
Https links on website being redirected to http
Website URL is adding &i=1 while using Cloudflare and making it unable to use
CommunityTip - セキュリティに関するFAQ最初にお読みくださ
Facebook Login Issue
Login error after nameserver changed
No CSS styles for wordpress website when using cloudflared tunnel
How to connect the site to the Cloudflare CDN?
Domain as an alias
Turning on cloud flare proxy
Web server is returning an unknown error. How to fix this
IPv6 Only site encounter 522 error
A record not working (I get a 404 error)
CF Proxied DNS painfully slow
Unable to connect the certificate with my cpanel
WP Multisite subdomain dashboard and site not accessible
Not being able to log into Plesk (redirect on the login page)
Slow Website load 1st time
The ssl certificate on subdomains stopped working
Cloudflare blocking Joomla 4 Administration - 520 Error (Nginx Config Problem?)
I am having a 522 error from the
How are web-sockets under CF proxy handled? (per plan level)
Fixing Error 522 / Connection timed out — Closed afaik
520 error when navigating to subdomain, but not to IP address
Pending nameserver update : air-jiangsu.com
Entering Cloudflare Nameservers crashes site
GRPC closes unexpectedly
Softacolus login not working
Session expired log in
After ssl configuration in ubuntu nginx server not connecting from cloudflare
520 error if I log in
Unable to visit domain with prefix
Nameserver change has been implemented but Cloudflare did not detect the change
Last 8 hour my site opening very slow and some time 520 error
Update my SSL certificate
Random 520 error... the error go away when bypassing cloudflare
Error deal
Don’t able to add a record in cloudflare
Website won't load while orange cloud is active in A record & CNAME
WordPress plugin updates getting 524, origin server response quick 200
'site redirected you too many times' error in Wordpress customizer using proxy
How to get VUEJS to work with cloudflare
How to secure new website with cloudflare?
Domain from Google and Website hosted on Godaddy
Created 3 subdomain A records on CloudFlare, only 1 works as expected
Reverse proxy via nginx - CloudFlare SSL
Cloudflare blocking my rest api request
Will changing my DNS from GoDaddy to Cloudflare affect subdomains
Invalid SSL certificate *
Cloudflare DNS migration from GCP Cloud DNS
Have an issue with enable the cloudflare for the domain via Plesk Panel
TLS/SSL error website not working anymore
Name Servers Not Changing
Subdomain SSL Issue on Cloudflare Partner hosted website (Hostinger)
DNS resolve error
My subdomain stopped working since I moved my name servers to coudflare, canyone advise on how to fix this
My problem please Solve
Help to activate cloudflare to my website
How to connect cloudfare with reactjs website
I switch my web to cloud flare server i face internal server error 500
Https problem while setup origin certificate on cloudflare hosting
526 error on SSL FULL STRICT (ORIGINAL CERTIFICATION )
Domain is not responding
SSL certificate for web app
Clarification about adding websites
SSL cert for subdomain
SOA DNS Issue
Cloudflare DNS IP Change Doesn't Work and Just Redirects
Error - kruegercrew.com redirected you too many times
How to get SSL Chain?
Redirection with DNS?
520 Error when in WP Dashboard
Redirect page loop for wordpress installation
Error 525 SSL handshake failed You
Please help with start
Website down fg2020
Godaddy changed or Cloudfare SSL error
How to setup 2 domains (one for each language of same site)
Error 520 upon request (not response from origin server)
Cloudflare SSL not Active without www
Subdomain 522 error
520 error appear random
Most of the images on my site won't load
CommunityTip - Security FAQ Read Me First
Error520, problem with wp-admin login Showing host error
Community Tip - Fixing SSL ERROR NO CYPHER OVERLAP in Mozilla
Community Tip - Fixing Error 525: SSL handshake failed
Community Tip - Fixing ERR SSL VERSION OR CIPHER MISMATCH in Google Chrome
Community Tip - Fixing ERR SSL PROTOCOL ERROR
Can't find my website online
More than 50% 525 Errors - Need technical help
Edge Certificate validation
How to use let's encrypt certificates instead of cloudflare's universal certificate?
Can i use single domain on multiple cloudflare accounts?
Ssl Usage of Cloudflare
Have to type www. before my website name in order for it to say secure
Error 525 with ovh
How to eliminate (or minimise) downtime when adding your domain to Cloudflare
SSL not working on my subdomain
Please my site is in a wrong mode and can't provide a secured connection
522 Error on my website from some networks
I have problem with ssl please help
Site migration to server with integrated SSL certificate
Please help, my site is down by err 522, but I have no idea
Getting error on page