I have installed Let's Encrypt SSL. Can I use cloudflare with it?

I just installed an SSL certificate on my website https://www.universalbloggingtips.com. Would there be any problem if I activate CloudFlare with it?

Thanks! 🙂

I use Let’s Encrypt behind CloudFlare as well, works without any problems.

Two things you should know:

  • If you’re currently using tls-sni-01 to verify domain ownership (that’s the default for the apache plugin, as an example), that won’t work behind CloudFlare and you’ll have to switch to http-01. You might want to look at this thread for some details.
  • CloudFlare is a reverse proxy, so your TLS sessions are (necessarily) no longer end-to-end-encrypted, meaning CloudFlare (or any adversary that has owned CloudFlare) could read your traffic.

Make sure to use the Full SSL (strict) option in CloudFlare as well, so that CloudFlare only accepts valid and trusted certificates from your backend server.


Hi, could you please provide some steps to install Let’s Encrypt on a VPS that’s already using the CloudFlare service?

What mode are you using CloudFlare in? Just for DNS? Or are you using the full caching of CloudFlare? What do you have (and want) as the SSL settings? Flexible SSL? Full SSL? Full (Strict) SSL? And are you on the free plan or a paid plan?

Hello,

  • Full caching of CloudFlare.
  • I have Flexible SSL, and I want Full (strict) SSL.
  • Free plan.

Thank you for your time.

The instructions in the linked thread should be sufficient. If you’re running into any problems, we’ll need more details.

Okay, thanks. Just a quick question: is it possible to use the SSL certificate (Full Strict) and continue using CloudFlare’s free plan, or should I upgrade to a paid one?

You can use the free plan.

When using the Cloudflare SSL certificate (Full Strict), the user will see the Cloudflare certificate of course, not your personal certificate from Let’s Encrypt (I don’t know if that is an issue for you or not).


I contacted SiteGround’s support and they’ve told me that:
"Let’s Encrypt provides you with HTTPS encryption that is not compatible with the free CloudFlare CDN, in order to use LE SSL or any other SSL provider I have to upgrade my CloudFlare plan". So is it really true?

It’s half true: the LE cert will only protect the connection between your server and CloudFlare. The connection between the public and CloudFlare will be protected by one of CloudFlare’s certs.

It’s still important to have the LE cert however, even if the public will never see it.


The short answer is yes.
However, bear in mind that since Cloudflare acts as a reverse proxy, there will be two connections:

  1. Visitors -> Cloudflare
  2. Cloudflare -> Your server

The trouble is that the SSL used for point 1 will use Cloudflare’s free Universal SSL, which does not work with Windows XP (SP3) systems.

Which means, even if you install Let’s Encrypt on such a setup, your visitors using Win XP will not be able to use your website.

So if your website has a substantial number of XP users (such as mine, I get around 15% XP users), Cloudflare’s free plan is not such a good idea.

I’m not sure why Cloudflare won’t use something like Let’s Encrypt instead of Universal SSL. Maybe it’s from a business perspective.