To get started with proxied records

Being new to Cloudflare, I’d like to understand how to configure proxy and thus have some questions.

  1. In case of using Universal SSL Edge Certificates, is it true that only the first level of subdomain records can be proxied?

  2. As per my testing, when SSL/TLS being set to OFF, neither proxied HTTP service nor proxied HTTPS service is accessible. Why?

  3. As per my testing, when SSL/TLS being set to Flexble, proxied HTTP service is accessible but HTTPS service is not accessible; when SSL/TLS being set to Full, proxied HTTP service is not accessible but HTTPS service is accessible. A way to workaround may be setting SSL/TLS to Full and defining page rules for HTTP services. Any better approaches?


  1. Correct: Limitations for Universal SSL · Cloudflare SSL/TLS docs
  2. How did you try to connect after disabling SSL/TLS? With the same https or http?
  3. You shouldn’t use flexible. You are going to want to use full and not use HTTP between Cloudflare and your origin. You can have Cloudflare auto upgrade HTTP → HTTPS connections as well.

Thanks @Cyb3r-Jak3 for the advice.

  1. Yes, clear browser history and try to connect the same https and http origin servers after disabling SSL/TLS

  2. As per SSL/TLS doc, it states " When you set your encryption mode to Full, Cloudflare allows HTTPS connections between your visitor and Cloudflare and makes connections to the origin using the scheme requested by the visitor. If your visitor uses http, then Cloudflare connects to the origin using plaintext HTTP and vice versa." However, as per my testing, when SSL/TLS being set to Full, browsing proxied HTTP service results in Host Error. Any advice on how to fix?


Any inputs and advice would be much appreciated. Thanks!

This topic was automatically closed 15 days after the last reply. New replies are no longer allowed.