How does Let's Encrypt work when I use Cloudflare proxy with SSL?

Hi, I have a website — Foxnett. I’ve enabled the Cloudflare proxy for it, but I’d like to continue using the SSL certificate issued by Let’s Encrypt. How can I set this up so that I can use Cloudflare’s proxy service while keeping my Let’s Encrypt SSL?

For the frontend, Cloudflare takes care of the certificates and sometimes uses a Let's Encrypt certificate. You can use your own, but I don't recommend it. For the backend, you would be better off using Cloudflare origin CA certificates for your origin server than Let's Encrypt certificates if possible.

5 Likes

You need to note that once Cloudflare proxy is enabled, you have two related, but separate connections:

  • client to edge
  • edge to origin

The client-to-edge connection is secured (usually) with a Universal SSL certificate, which Cloudflare manages automatically on your behalf.

The edge-to-origin connection may be secured if you set Full Strict mode (see Encryption modes). This mode uses and verifies the certificate on your origin server, which needs to be issued by any publicly trusted CA (such as Let's Encrypt), or Cloudflare origin CA.

You may continue using Let's Encrypt on the origin just fine as long as you use the HTTP-01 validation method. Otherwise, you should switch to DNS-01 (many clients have a DNS plugin for Cloudflare).

6 Likes
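As an added example (not part of the posts above), this Python sketch approximates the edge-to-origin check described for Full Strict mode: it connects straight to the origin address, sends the site's hostname as SNI, and verifies the certificate against either the system trust store (a Let's Encrypt certificate) or a single CA file (a downloaded Cloudflare origin CA root). The address `203.0.113.10`, the hostname `example.com`, the CA file path and the sample certificate are constructed placeholders.

```python
import socket
import ssl
import sys
import time

# Constructed sample in the shape returned by SSLSocket.getpeercert().
SAMPLE_CERT = {
    "issuer": ((("countryName", "US"),),
               (("organizationName", "Let's Encrypt"),),
               (("commonName", "R11"),)),
    "subjectAltName": (("DNS", "example.com"), ("DNS", "www.example.com")),
    "notAfter": "Jan  1 00:00:00 2030 GMT",
}

def summarize(cert, now):
    """Pull out the fields worth monitoring: issuer, DNS names, days until expiry."""
    issuer = {key: value for rdn in cert.get("issuer", ()) for key, value in rdn}
    names = [value for kind, value in cert.get("subjectAltName", ()) if kind == "DNS"]
    days_left = int((ssl.cert_time_to_seconds(cert["notAfter"]) - now) // 86400)
    return {"issuer": issuer.get("organizationName"), "names": names,
            "days_left": days_left}

def probe(origin_addr, hostname, cafile=None, port=443, timeout=5.0):
    """Connect to the origin directly, bypassing the proxy, and verify its certificate.

    cafile=None -> system roots (publicly trusted CAs such as Let's Encrypt).
    cafile=path -> only that CA is trusted (e.g. the Cloudflare origin CA root).
    """
    ctx = ssl.create_default_context(cafile=cafile)  # CERT_REQUIRED + hostname check
    try:
        with socket.create_connection((origin_addr, port), timeout=timeout) as raw:
            with ctx.wrap_socket(raw, server_hostname=hostname) as tls:
                return {"ok": True, **summarize(tls.getpeercert(), time.time())}
    except ssl.SSLCertVerificationError as exc:
        # Expired, wrong hostname, self-signed or untrusted issuer all land here.
        return {"ok": False, "reason": exc.verify_message}
    except OSError as exc:
        # Port closed, firewall drop, timeout or handshake failure.
        return {"ok": False, "reason": str(exc)}

if __name__ == "__main__":
    # Usage: python check_origin.py 203.0.113.10 example.com [origin_ca_root.pem]
    addr, host = sys.argv[1], sys.argv[2]
    ca = sys.argv[3] if len(sys.argv) > 3 else None
    print(probe(addr, host, cafile=ca))
```

A result with `"ok": False` against the system roots but `"ok": True` with the origin CA file means the origin presents a Cloudflare origin CA certificate, which browsers connecting directly would not trust.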
