What Cloudflare SSL do I set if I have Lets Encrypt already setup on my server

I just transferred my domain DNS from Godaddy to Cloudflare DNS.

I set my web server A record and www CNAME to proxied in the Cloudflare DNS.

I already have Lets Encrypt SSL setup on my server.

What should the Cloudflare SSL setting be? By default, it is set to Flexible already.

Without Cloudflare, or with Unproxied (:grey:) / DNS-only records: Visitor ↔ Web server
With Proxied (:orange:) records: Visitor ↔ Cloudflare ↔ Web server

So, by having Proxied (:orange:) records, you also have two different connections to secure. Cloudflare will take care of the first (Visitor ↔ Cloudflare) with the Edge Certificate from Universal SSL, and your Let’s Encrypt certificate will take care of the latter (Cloudflare ↔ Web server)


So with Flexible SSL set I’m all good then correct?

Welcome to the Cloudflare Community. :logodrop:

You don’t ever want to use that setting. It is completely insecure and misleads visitors into thinking their traffic is encrypted when you are actually sending it in the clear to your origin server.

Always use Full (strict) and only Full (strict).

1 Like

@epic.network - Does this require any extra configuration within Cloudflare or changes to my server SSL?

1 Like

It requires either a valid certificate from a trusted authority, like the one you currently have from Let’s Encrypt, or a Cloudflare Origin CA certificate. The latter is only trusted by the Cloudflare proxy.


A post was split to a new topic: Why should I always use only Full (strict)?

Full (strict) ought to be the default setting.

1 Like

This topic was automatically closed 2 days after the last reply. New replies are no longer allowed.