I have connected my domain with Cloudflare in the following pattern.
Scenario 1
I pointed my primary and secondary name servers from the domain registrar to Cloudflare, then in Cloudflare DNS manager pointed A record to cPanel server. Is this the correct way to use Cloudflare to connect to a cPanel based shared hosting?
In this case, does adding any records to the cPanel DNS manager make any sense, or would they come into effect? Or is Cloudflare’s DNS manager the only one that works, as the initial nameservers are pointed to Cloudflare?
And regarding the SSL certificate, is it generated by Cloudflare or cPanel in this case? It is showing me Let’s Encrypt SSL in the browser details.
Scenario 2
Suppose, I point my primary and secondary name servers from the domain registrar to Cloudflare, then again in Cloudflare DNS manager if I add NS records and point them to my cPanel provider’s name servers. Will this be just routing DNS from one manager to another (but with Proxy/masking)? Now, will cPanel’s DNS manager work for adding extra records, and would adding other A, CNAME, MX records, etc via Cloudflare make any sense in this case? What happens to SSL in this case?
No. This would be a waste of time. Only Cloudflare DNS will be queried.
Let’s Encrypt is one of the certificate authorities Cloudflare uses. You can learn more in this article.
Don’t do that. It will only make it harder for you to figure out why nothing is working.
Cloudflare provides the SSL certificate used between the Cloudflare proxy and your visitors. You still need a certificate on your origin server, which in your case is the cPanel server. How you obtain that certificate is at your discretion. You may be able to use automated SSL issuance in your cPanel, but that has nothing to do with Cloudflare, so you would need to consult your cPanel provider for guidance on that method. If you will only be allowed traffic that passes through the Cloudflare proxy, a free Cloudflare Origin CA certificate may interest you.
Now, I understand that I can either use auto SSL in cPanel or use Cloudflare Origin CA certificate for my origin server. Otherwise, the connection between the Cloudflare proxy and the origin server will be unencrypted, right?
You stated:
If you will only be allowed traffic that passes through the Cloudflare proxy, a free Cloudflare Origin CA certificate may interest you.
Can you make this a bit clear on the traffic part? Does this mean if I use Cloudflare Origin CA certificate then the connection between Cloudflare Proxy and Origin server will be encrypted?
But if I access the origin server without Cloudflare proxy (maybe from some other domain name, API, or IP address) then it will be unencrypted?
No. It won’t be unencrypted, but you will be presented an unknown certificate authority warning. The Cloudflare Origin CA is not a public CA. This means that web browsers will not trust it (nor should they). It is trusted by the Cloudflare proxy since that is its sole purpose.
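The trust distinction in the last reply, as an added example that is not part of the original thread: a certificate signed by a private CA verifies for a client that trusts that CA and fails with an unknown-issuer error for a client that only trusts other roots. The two CAs and the hostname `origin.example.test` are constructed locally as stand-ins; nothing here is a real Cloudflare certificate.

```shell
#!/usr/bin/env bash
# Added illustration. Every CA, key and hostname here is constructed locally;
# nothing below is issued by or fetched from Cloudflare.
set -eu
WORK="$(mktemp -d)"
trap 'rm -rf "$WORK"' EXIT
HOST="origin.example.test"   # hypothetical origin hostname

# make_ca NAME: create a self-signed CA key and certificate.
make_ca() {
  openssl req -x509 -newkey rsa:2048 -nodes -days 1 -subj "/CN=$1" \
    -keyout "$WORK/$1.key" -out "$WORK/$1.pem" 2>/dev/null
}

# issue_leaf CA NAME: sign a server certificate for NAME with CA.
issue_leaf() {
  openssl req -newkey rsa:2048 -nodes -subj "/CN=$2" \
    -keyout "$WORK/$2.key" -out "$WORK/$2.csr" 2>/dev/null
  openssl x509 -req -in "$WORK/$2.csr" -CA "$WORK/$1.pem" \
    -CAkey "$WORK/$1.key" -CAcreateserial -days 1 \
    -out "$WORK/$2.pem" 2>/dev/null
}

# trusts STORE NAME: succeed only if NAME's certificate chains to STORE.
trusts() {
  openssl verify -CAfile "$WORK/$1.pem" "$WORK/$2.pem" >/dev/null 2>&1
}

# check STORE: how a client that trusts only STORE sees the origin certificate.
check() {
  if trusts "$1" "$HOST"; then echo "trusted"; else echo "unknown-ca"; fi
}

make_ca origin-ca-standin      # stand-in for a private CA such as Origin CA
make_ca public-root-standin    # stand-in for a browser's public root store
issue_leaf origin-ca-standin "$HOST"

echo "client trusting the private CA:  $(check origin-ca-standin)"
echo "client trusting public roots:    $(check public-root-standin)"
```

Against a live origin, `openssl s_client -connect <origin-ip>:443 -servername <host>` shows the same split: the TLS handshake completes either way, and the reported verify result depends on which roots the client trusts.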