How to Display Let's Encrypt SSL vs. Cloudflare's SSL


#1

Hi all!

I’m using Cloudflare with Let’s Encrypt set up and I’m only able to display the Let’s Encrypt’s SSL when I disable and don’t route my traffic through the Cloudflare system. With Cloudflare enabled, I get Cloudflare’s free SSL service (COMODO CA certificate) but unfortunately I’m no longer able to use Cloudflare with my cite to hide my origin IP address from undesirable visitors.

I would appreciate it if someone knows how I could sort this problem out as it is bothering me.


#2

Hi @DataRepository

Unfortunately this is a one-or-the-other situation, you can either use Cloudflare or display a Let’s Encrypt certificate to your visitors browser.

If you are using Cloudflare as your CDN then all of the TLS traffic from a visitors browser goes to Cloudflare’s servers and not the server you configured with Let’s Encrypt (typically referred to as the origin server). I’m not familiar with Cloudflare but I do not believe they offer what some CDN’s call “hosted SSL/TLS” where you can provide your own certificate/private key. Typically this is a paid feature. Instead they terminate the TLS traffic using a Comodo issued certificate as you observed.


#3

It is available but only with the Business or Enterprise plans, not Free or Pro.


#4

Thanks for the clarification @cool110


#5

Thank you @cpu and @cool110 for the clarification! I wondered for a while whether I had messed up somehow but it turns out that I unfortunately will be unable to get both Cloudflare and Let’s Encrypt to cooperate unless I: 1: Don’t use Cloudflare as a CDN, 2. Upgrade my Cloudflare account to the Business/Enterprise plan.


#6

Looks like CloudFlare users may have some relief soon - https://www.troyhunt.com/cloudflare-ssl-and-unhealthy-security-absolutism/#comment-2879574753
Try https://disqus.com/home/discussion/troyhunt/cloudflare_ssl_and_unhealthy_security_absolutism/#comment-2879574753 if your browser doesn’t scroll to the comment.

However, you will still have to trust CloudFlare with your content in plaintext form.


#7

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.