Cloudflare offers SSL for all sites, but Cloudflare SSL only encrypts the connection from the visitor to Cloudflare. This article shows how to provide full, strict encryption for the entire connection from the visitor to the server.
In order to complete the setup process correctly, Let’s Encrypt requires the domain to resolve to the server IP address. If the domain does not resolve to the server IP address, update the domain nameservers to the designated A2 Hosting nameservers for your account. For more information about setting nameservers, please see this article.
To verify the Let's Encrypt certificate has been issued for the domain, follow these steps:
To the right of the domain should be a green lock symbol with the label AutoSSL Domain Validated.
To sign up for Cloudflare, follow these steps:
On the Cloudflare page, click :
A new window appears:
On the next page, in the Add a Website text box, type the domain to be proxied by Cloudflare. Click to continue:
On the next page, choose a plan. Click Free Website, and then click :
The Overview page appears. Scroll down to the Domain Summary section. SSL should be set to Full:
For additional security, you can change the setting to Full (strict) by clicking Full, and then selecting Full (strict) on the Crypto page.
To update the nameservers and verify the configuration, follow these steps:
Using Let's Encrypt with Cloudflare SSL is a great way to add security to a site quickly and at no cost. Let's Encrypt certificates are only valid for 90 days, and Cloudflare must be turned off during the renewal period. It may be more convenient to use a traditional CA-issued certificate. For a more complete discussion of the differences between Let's Encrypt and other SSL certificates, please see this article.