Using SSL with Cloudflare

This article discusses various options for using SSL (Secure Sockets Layer) on a Cloudflare-enabled account.

Using Cloudflare with an SSL certificate

To provide secure connections for your users, you must install an SSL certificate on your site. When you have an SSL certificate installed and Cloudflare enabled on your site, the entire connection is encrypted, from the browser to Cloudflare to your web server.

Please note that it is recommended that you configure Cloudflare directly through Cloudflare’s site, as the Cloudflare cPanel plugin is no longer receiving updates, and the premium Cloudflare options can only be configured directly through Cloudflare’s site. Please refer to these articles, Getting Started with Cloudflare and Creating a Cloudflare account and adding a website, on Cloudflare’s website to create an account and start customizing Cloudflare to best suit you and your site’s needs.

Sectigo SSL certificates

Sectigo is a free, automated, and open Certificate Authority, and is recognized by most modern browsers. Sectigo is supported on almost every new A2 Hosting account, and certificates can be generated automatically for immediate use. You can use Sectigo certificates for the Cloudflare SSL configurations described below.

Cloudflare SSL-enabled root domains

If you have SSL enabled for your root domain (for example, example.com), you must upgrade to Cloudflare Pro to use SSL and Cloudflare simultaneously.

Cloudflare provides two options for SSL-enabled sites:

  • Full SSL: For this option, you need at least a self-signed SSL certificate. For information about how to generate and install a self-signed certificate, please see this article.
    If you disable Cloudflare for your site, the self-signed SSL certificate is “exposed” to web visitors. They will receive warnings in their browsers that the certificate is not trusted. To prevent this scenario from occurring, you should purchase a valid SSL certificate signed by a Certificate Authority.
  • Full SSL (strict): For this option, you need a valid SSL certificate signed by a Certificate Authority. This is the preferred method, because even if you disable Cloudflare for your site, it is still completely protected by the SSL certificate.
Cloudflare SSL-enabled subdomains

If you have SSL enabled for a subdomain, you can continue using the free version of Cloudflare on your root domain. However, you must make sure that the SSL-enabled subdomain is disabled (has the gray cloud icon Cloudflare - gray cloud icon next to it) in your Cloudflare settings. For more information about how to configure Cloudflare for your account, please see this article.

If you want to use Cloudflare with an SSL-enabled subdomain, you must upgrade to Cloudflare Pro.

Using Cloudflare without an SSL certificate

If your site does not currently have an SSL certificate, you can use Cloudflare Universal SSL. This feature is free, and encrypts connections between users' web browsers and Cloudflare. Connections between Cloudflare and your web site, however, are not encrypted. To secure the entire connection, you must install an SSL certificate on your server.

For more information about Cloudflare Universal SSL, please visit http://blog.cloudflare.com/introducing-universal-ssl.

  • Universal SSL is only available if you sign up for Cloudflare directly on their site. You currently cannot use Universal SSL if you configure Cloudflare through cPanel.
  • The Universal SSL option only works in modern browsers that support Server Name Indication (SNI). Most browsers currently in use support SNI. For information about which browsers support Cloudflare Universal SSL, please visit https://support.cloudflare.com/hc/en-us/articles/204151138-Understanding-Universal-SSL
  • You should not use Universal SSL if your website processes any sensitive information, such as payment data or personally identifiable information (PII). While Universal SSL is better than nothing, to really secure your site and protect your users, you must install an SSL certificate.

Did you find this article helpful? Then you'll love our support. Experience the A2 Hosting difference today and get a pre-secured, pre-optimized website. Check out our web hosting plans today.

 

 

Loading