Integrating Letsencrypt with Cloudflare ON, manually. Possible?


#1

Hi,…

I want to make use of Cloudflare’s free CDN and DNS but I prefer to use Letsencrypt SSL instead of default CF shared SSL.

My scenario is:

  1. Disable CF.
  2. Issue Letsencrypt SSL
  3. Enable CF.
  4. Then copy the issued key from my server to CF.

The question: is it possible?

Any idea on how to integrate Letsencrypt with Cloudflare?

My website is https://miui.blog/

Thanks for any advice.


#2

You can’t import certificates to Cloudflare except on the $200/month or Enterprise plans.

If you don’t want a shared SSL, you can pay for a dedicated (but unexportable) certificate: https://support.cloudflare.com/hc/en-us/articles/228009108-Dedicated-SSL-Certificates

Your question might be better served by https://community.cloudflare.com/


#3

You can set up LE on the backend webserver and tweak the CF config, like I’ve done.

Here are the steps I took:

  1. Log in to CF and select the domain you want to work with.
  2. Select “Crypto” top menu option
  3. Under SSL select - Full
  4. Set Always use HTTPS to ON
  5. On HSTS section - Enable HSTS
    Max-Age: 3 months
    Include subdomains: Off (change as you wish - read up on it)
    Preload: Off
  6. Set Minimum TLS Version to TLS 1.2
  7. Opportunistic Encryption: ON
  8. TLS 1.3: ON
  9. Automatic HTTPS Rewrites: On
  10. Disable Universal SSL (again, read up). By doing this you are no longer using CF SSL certs and use only certs served by your server.

These steps I’ve carried out on 4 CF-hosted sites and they work fine for me on an Apache setup. Will soon use the same steps on Nginx and see how this goes.

Note: I made sure my Apache webserver is able to provide TLS 1.2 and 1.3 support, although you can get away with just 1.2. But for best practice in getting A+ on SSL Labs you need at least 2 supported SSL protocols in use, i.e. v1.2 and/or v1.3.
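An added example, not part of the post above and not Cloudflare tooling: a small parser for the `Strict-Transport-Security` header (RFC 6797) that checks a response header against the HSTS values listed in step 5. It assumes "3 months" means 90 days; the function names and sample header values are constructed for illustration.

```python
import re

# Assumption: "3 months" in the post's HSTS step is taken as 90 days.
THREE_MONTHS = 90 * 24 * 3600  # 7776000 seconds

def parse_hsts(value):
    """Parse a Strict-Transport-Security header value (RFC 6797, section 6.1).

    Returns a dict keyed by lower-cased directive name, or None when the
    header is invalid and a browser would ignore it.
    """
    directives = {}
    for part in value.split(";"):
        part = part.strip()
        if not part:                      # empty directives are allowed
            continue
        name, sep, val = part.partition("=")
        name = name.strip().lower()       # directive names are case-insensitive
        val = val.strip()
        if len(val) >= 2 and val[0] == val[-1] == '"':
            val = val[1:-1]               # quoted-string form: max-age="7776000"
        if name in directives:            # a repeated directive invalidates the header
            return None
        directives[name] = val if sep else True
    age = directives.get("max-age")
    if not isinstance(age, str) or not re.fullmatch(r"[0-9]+", age):
        return None                       # max-age is required and must be digits
    directives["max-age"] = int(age)
    return directives

def check_against_post(value):
    """Compare a header with the settings listed in the post; return findings."""
    d = parse_hsts(value)
    if d is None:
        return ["header is invalid; browsers will ignore it"]
    findings = []
    if d["max-age"] == 0:
        findings.append("max-age=0 removes the HSTS policy from browsers")
    elif d["max-age"] != THREE_MONTHS:
        findings.append("max-age is %d, post uses %d" % (d["max-age"], THREE_MONTHS))
    if "includesubdomains" in d:
        findings.append("includeSubDomains is set; post has it off")
    if "preload" in d:
        findings.append("preload is set; post has it off")
    return findings

if __name__ == "__main__":
    # Constructed sample header values, not captured from a real site.
    for sample in ("max-age=7776000", "max-age=31536000; includeSubDomains; preload"):
        print(sample, "->", check_against_post(sample) or "matches")
```

An empty findings list means the header carries exactly the policy described in step 5; any other result is worth reviewing before the max-age is lengthened, since browsers cache the policy for that long.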

