What are the advantages and disadvantages of using strict SSL?

Here is my setup:
Nginx proxy Apache
Hosting: AWS
Using RunCloud.
Now, in order to avoid some conflicts and errors between Cloudflare and RunCloud, I needed to set up Origin Certificates with cloud run so I can get SSL and HTTPS showing; otherwise I get an error 52.
So now I am thinking of using the Full (Strict) SSL option on Cloudflare. Yes, extra security, but I heard it might have its own issues. What are those issues? Should I bring it back to only Full SSL?

Strict ensures that your server has a valid certificate. Without strict, Cloudflare will think “eh, it’s expired, or the wrong domain, but it’s encrypted. Good enough!” The Cloudflare “Origin CA” certificate is generated for your domain with a far-future expiration date, and Cloudflare considers this to be a valid certificate. But if you bypass Cloudflare, browsers won’t recognize the certificate as valid.

I use RunCloud, but use the dns-01 API method to validate, using my Cloudflare API Key. Not that “put a file on the server” method. I do this instead of the above “Origin CA” certificate for the reason stated above.

Either method (Origin CA, or RunCloud’s dns-01 verification) lets you use Full (Strict) at Cloudflare.
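An added example, not part of the answer above: a pre-flight check of an origin certificate file for the two failures the answer names (expired, wrong domain) before switching to Full (Strict). The function names, file paths and the `example.test` hostname are assumptions made for illustration, and the check does not look at who issued the certificate.

```bash
#!/usr/bin/env bash
# Pre-flight check for an origin certificate before enabling Full (Strict).
# Covers only the two failures named in the answer: expiry and wrong domain.
# It does not check the issuer (hypothetical helper names throughout).

# origin_cert_check CERT_PEM HOSTNAME
# Prints a verdict; returns 0 only if both checks pass.
origin_cert_check() {
  cert="$1"; host="$2"; rc=0
  # -checkend 0 exits non-zero if the certificate has already expired.
  if ! openssl x509 -in "$cert" -noout -checkend 0 >/dev/null 2>&1; then
    echo "FAIL: certificate is expired or unreadable"; rc=1
  fi
  # -checkhost prints "does match" or "does NOT match"; inspect the text
  # rather than relying on the exit status.
  if ! openssl x509 -in "$cert" -noout -checkhost "$host" 2>/dev/null \
       | grep -q "does match certificate"; then
    echo "FAIL: certificate does not cover $host"; rc=1
  fi
  [ "$rc" -eq 0 ] && echo "OK: unexpired and valid for $host"
  return "$rc"
}

# Constructed sample input: a throwaway self-signed certificate for
# example.test, written to PREFIX.pem (key in PREFIX.key).
make_sample_cert() {
  openssl req -x509 -newkey rsa:2048 -nodes -days 1 \
    -subj "/CN=example.test" -keyout "$1.key" -out "$1.pem" 2>/dev/null
}
```

To use it on a real server, run `origin_cert_check` against the certificate file the web server is configured to serve and the hostname proxied through Cloudflare.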


Thank you, sdayman.
As I understand, the DNS-01 method would be better.
Now I see. How do I do the DNS-01 method?
I am in the first free 5 days with RunCloud, and after that I won't be able to use the SSL section, so the CA certificate will be cancelled unless I sign up for a paid membership.
Would you mind explaining how to do it?

Sorry, that’s a paid plan feature at RunCloud. Here are their instructions:

