Hi all!
I’m using Cloudflare with Let’s Encrypt set up and I’m only able to display the Let’s Encrypt’s SSL when I disable and don’t route my traffic through the Cloudflare system. With Cloudflare enabled, I get Cloudflare’s free SSL service (COMODO CA certificate) but unfortunately I’m no longer able to use Cloudflare with my cite to hide my origin IP address from undesirable visitors.
I would appreciate it if someone knows how I could sort this problem out as it is bothering me.
Unfortunately this is a one-or-the-other situation, you can either use Cloudflare or display a Let’s Encrypt certificate to your visitors browser.
If you are using Cloudflare as your CDN then all of the TLS traffic from a visitors browser goes to Cloudflare’s servers and not the server you configured with Let’s Encrypt (typically referred to as the origin server). I’m not familiar with Cloudflare but I do not believe they offer what some CDN’s call “hosted SSL/TLS” where you can provide your own certificate/private key. Typically this is a paid feature. Instead they terminate the TLS traffic using a Comodo issued certificate as you observed.
It is available but only with the Business or Enterprise plans, not Free or Pro.
Thanks for the clarification @cool110
Thank you @cpu and @cool110 for the clarification! I wondered for a while whether I had messed up somehow but it turns out that I unfortunately will be unable to get both Cloudflare and Let’s Encrypt to cooperate unless I: 1: Don’t use Cloudflare as a CDN, 2. Upgrade my Cloudflare account to the Business/Enterprise plan.
Looks like CloudFlare users may have some relief soon - https://www.troyhunt.com/cloudflare-ssl-and-unhealthy-security-absolutism/#comment-2879574753
Try https://disqus.com/home/discussion/troyhunt/cloudflare_ssl_and_unhealthy_security_absolutism/#comment-2879574753 if your browser doesn’t scroll to the comment.
However, you will still have to trust CloudFlare with your content in plaintext form.
This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.