I run a small Mac server out of my home. I have the web site linked to a free CloudFlare account. Do I even need Let’s Encrypt if using CloudFlare? Can anyone explain how they might interact?
I would say yes but maybe not for what you might think.
With any CDN, the clients HTTPS connections are terminated by the CDN.
The CDN in turn caches, or proxies, the client request to your system.
The first request is always https://your.domain/
But that second connection can be http…
So why, or why not, use HTTP or HTTPS?
[in that second/backend connection]
If not only for the mere assurance that your http content can not be altered, nor viewed, anywhere else along the way, then for the peace of mind that should you (for whatever reason) need to remove the CDN (even if only for a short period of time) from the connection path, you can still provide your connection securely [end-to-end].
Cloudflare encrypts the data between them & the browser. They offer several options with encrypting the traffic between your server and their edge service:
You can run a self-signed, you can use their Origin Cert, or you can use your own Certificate, like Let’s Encrypt.
I personally use LE Certificates on my server anyway while Cloudflare provides their own Certs for the traffic to their service. Mainly because I like having control over the security of the data transfer from my server to Cloudflare.
Now I could turn their SSL off and bypass to go straight to my server for the HTTPS redirect, but I am also using their caching service, which saves me bandwidth.
This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.