Wildcard Origin certificate on multisite



I have a WordPress multisite with several Let’s Encrypt certificates. I would like to use Cloudflare’s wildcard origin TLS certificate and wish to avoid downtime.

  1. Do ALL the sites on my multisite need to be on Cloudflare?
  2. Do I need to revoke/delete all existing Let’s Encrypt certificates, and how? One by one?
  3. I have some domains remapped, e.g. Subdomain.mydomain.com is mapped to subdomain.com. Can I add any such domains after creating the original origin cert?
  4. Can I include a domain before it is mapped? I have a live one on a different domain I want to move and avoid downtime whilst I stage it.




Hello @pat1,

Cloudflare is a reverse proxy where SSL is terminated, so as long as the zone is proxied by us (we are the authoritative DNS for your zones), we’ll automatically provide you an SSL wildcard for every zone you activate on us.

For the certificate at the Origin, Cloudflare can streamline the connection in different fashions, from Flexible (HTTPS between visitor and Cloudflare but HTTP back to the Origin) to Strict (from the visitor to the Origin), so no matter what kind of SSL cert is installed on your Origin, Cloudflare will still work; you can even keep your Origins available only through HTTP.
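
Relating to the mapped-domain question in the thread (item 3), here is an added example that is not part of the original posts and is not Cloudflare code: a pre-cutover check of which multisite hostnames a certificate's subject alternative names (SANs) cover, using the standard rule that a wildcard matches exactly one left-most label. The SAN list, the function names and the hostname `a.b.mydomain.com` are constructed for illustration; the other hostnames are the ones from the question.

```python
"""Added example: which multisite hostnames does a certificate's SAN list cover?"""


def san_matches(hostname: str, san: str) -> bool:
    """Return True if `san` covers `hostname`.

    A leading '*.' stands for exactly one left-most label, so
    '*.mydomain.com' covers 'x.mydomain.com' but neither 'mydomain.com'
    nor 'a.b.mydomain.com'. Comparison is case-insensitive.
    """
    host = hostname.lower().rstrip(".")
    pattern = san.lower().rstrip(".")
    if not pattern.startswith("*."):
        return host == pattern
    suffix = pattern[1:]  # e.g. ".mydomain.com"
    if not host.endswith(suffix):
        return False
    left = host[: -len(suffix)]
    return left != "" and "." not in left


def coverage(hostnames, sans):
    """Map each hostname to the first SAN that covers it, or None."""
    return {
        h: next((s for s in sans if san_matches(h, s)), None)
        for h in hostnames
    }


def uncovered(hostnames, sans):
    """Hostnames that would fail certificate validation with these SANs."""
    return [h for h, s in coverage(hostnames, sans).items() if s is None]


# Constructed sample: SANs assumed to be on the new certificate.
SANS = ["*.mydomain.com", "mydomain.com"]
# Hostnames served by the multisite, including the remapped domain.
SITES = ["mydomain.com", "Subdomain.mydomain.com",
         "subdomain.com", "a.b.mydomain.com"]

if __name__ == "__main__":
    for host, san in coverage(SITES, SANS).items():
        print(f"{host:28} {'covered by ' + san if san else 'NOT COVERED'}")
```

Any hostname reported as not covered needs its own SAN entry on the certificate before the existing certificate for that site is removed.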