I am using VPS and install wordpress in it. I have already installed and using Let’s Encrypt SSL in my wordpress site.
Now, I have signed up Cloudflare’s Free plan for CDN, but I don’t want to use it’s SSL.
If you help me regarding this, I would be very helpful to you.
Do you want to proxy your site through Cloudflare? If so, you have to use their certificates as well as they are necessary for the proxy (you still need your server certificates too). If not, simply switch the record to .
I have followed below steps but it showing Error code: SSL_ERROR_NO_CYPHER_OVERLAP
- Login into CF and select domain you want to work with.
- Select “ Crypto ” top menu option
- Under SSL select - Full
- Set Always use HTTPS to ON
- On HSTS section - Enable HSTS
Max-Age: 3 months
Include subdomains: Off (change as you wish - read up on it)
- Set to Minimum TLS Version to TLS 1.2
- Opportunistic Encryption: ON
- TLS 1.3: ON
- Automatic HTTPS Rewrites: On
Disable Universal SSL (again read up) by doing this you are no longer using CF SSL certs and use only Certs served by your server.
Actually, I don’t know these things too much but, What I want is to speed up my site.
In that case you probably want to proxy and you will need to use Cloudflare’s certificates too.
Can you post a full page screenshot of your SSL/TLS settings?
You need to enable universal SSL at the bottom of the page.
Also, switch that to “Full strict”.
after that, will it use SSL from let’s encrypt or Cloudflare?
For visitors Cloudflare’s, for the origin connection Lets Encrypt.
Yes, I have done it. My site is working now.
Thank you very very much for your quick replies.
I have similar issue.
I have website using Let’s Encrypt certificate for last few years. All this time LE certificate was re-issuing automatically every 3 month.
I have signed up Cloudflare’s Free plan for CDN.
I’ve got a message from Lets Encrypt said I cant get new certificate unless I change A-record to IP address of my hosting.
I contact hosting, they said it’s because I’m using Cloudflare’s DNS. They recommended to turn off DNS - DNS Records - A (www and no-www) during LE certificate re-issuing. Unclick orange cloud to grey cloud.
I’ve got new certificate from LE and clicked clouds back to orange.
How to set it up to get new certificate automatically without clicking / unclicking clouds and manually re-issuing certificate on hosting every 3 month?
“For visitors Cloudflare’s, for the origin connection Lets Encrypt.” - this solution looks good for me.
The HTTP verification request probably does not go through. You could either tweak your Cloudflare setup to make sure it goes through or switch to the DNS based verification
Thanks for reply.
I’m not so good in this things.
How to tweak Cloudflare setup to be sure it goes through?
How to switch to the DNS based verification?
I dont really know what these solutions mean, but first one sounds closer to the result I want to get.
This topic was automatically closed after 30 days. New replies are no longer allowed.