Use HTTPS without Cloudflare Encryption

Hi,

I would like to only use Cloudflare as a Registrar for my Domain without using it’s SSL certificate.
For that I’ve set the encryption under SSL/TLS to “Off”.

When I now try to access one of my services e.g. mail.mydomain.com it does not automatically use the HTTPS website.

Only after I manually enter https://mail.mydomain.com my browser recognizes, that there’s a secure Letsencrypt certificate it can use and uses it automaticaly.

Is there any way I can change this, or is this secure at all?

Best regards :smiley:

I am going to assume you are not using the proxying from Cloudflare (why it’s a whole another conversation).

If that is the case you need to setup redirects at the origin, which is your server.

This is normally done at Cloudflare’s edge when you proxy the records, but since you are not, it goes straight to the origin.

The SSL/TLS setting, in this context is useless, as that applies only when proxying is enabled. If you enable that, then you CAN’T use your origin certificate, but only Cloudflare’s (or a custom one, if you are on the Business plan or higher) given how proxying works.

FYI, this is most definitely not secure.

1 Like

Thanks for your fast answer, I didn’t know the SSL/TLS settings only apply when using the proxy option.

Out of interest: what happens, if you use your own certificate and also use Cloudflare’s Full SSL encryption?

And why is it not secure to only use my own certificate?

Best regards

For the user? Nothing. Unless you don’t have a valid certificate on the origin, in which case you are exposing them to security issues they are not informed about.

Oh, didn’t mean that. I meant without a 301 redirect to the HTTPS version. Obviously you have more exposed surface, having your server’s IP in the wild, but that’s not specific to the certificate.

1 Like

Thank you for the clarification. :slight_smile:

One last question: What type of SSL encryption must I choose on Cloudflare when using the proxy function in combination with a letsencrypt cert? Flexible or Full?

Neither. Full (Strict).

2 Likes

Okay, thanks for your help again :smiley:
Have a nice day!

This topic was automatically closed 3 days after the last reply. New replies are no longer allowed.