Hello.
I want to use let’s encrypt ssl and i don’t like use cloudflare ssl.
I do this:
1_ I installed Dv certificate on server that is let’s encrypt.
2_ In cloudflare dashboard set : Full strict
3_ Enabled Always Use HTTPS
4_ Enabled HSTS: Min 3 months
5_ Minimum TLS Version:1.2
6_ Enabled Opportunistic Encryption
7_ Enabled TLS 1.3
8_ Enabled Automatic HTTPS Rewrites
9_ Enabled Certificate Transparency Monitoring
10_ Disabled Universal SSL

my domain can’t load and i see this error:

This site can’t provide a secure connection

test.com uses an unsupported protocol.

ERR_SSL_VERSION_OR_CIPHER_MISMATCH

please help.What shoud i do??

That breaks this:

because Full SSL needs a cert on the proxy server.

Business and Enterprise customers can install their own certs on the proxy servers, but it’s a hassle. Every three months, you need to update it. I have a script that does this, and I don’t completely trust the process. So I have to keep checking my certs here. It’s just not worth it to me.

What is it about Cloudflare SSL you don’t like?

I’m in iran and i heard some isps have problem with cloudflare ssl.

1_I see some sites use let’s encrypt and cloudflare cdn. They bought business plan??

2_I can’t use let’s encrypt free as universal ssl??

I’m not sure if it’s because of the certificate itself, or just because it’s HTTPS through Cloudflare IP addresses.

Cloudflare uses several certificate providers. I do not know what determines the provider for any particular domain or plan. But it’s possible those sites are on Biz or Ent. I did use ACM (Advanced Certificate Manager) for a free plan site and I chose the Let’s Encrypt option. ACM is $10/month.

Screen Shot 2021-02-15 at 7.44.49 AM2108×968 165 KB

Since you’re already on Cloudflare, I suggest you first try the Universal Certificate and see if the site works in Iran.

This topic was automatically closed 5 days after the last reply. New replies are no longer allowed.