Will a certificate from Let's Encrypt work with Cloudflare/Incapsula?


#1

Hi,

First, thanks for setting up an easy-to-use & free infrastructure for adding HTTPS support to our website.

I imagine they will, but I want to make sure that the certs that Let’s Encrypt will be offering will work with Cloudflare and/or Incapsula so I can plan accordingly.

Thanks!


#2

The certificates will work for encrypting communication between your origin server and Cloudflare’s servers, but Cloudflare will not present this certificate to end users unless you are using one of their premium services. That is unless Cloudflare chooses to integrate with LE in some way… :grin:

Not really sure about Incapsula, I’ve had no real experience with them.


#3

Why would they want to? They already are running their own certificate authority, automatically signing certificates with a large number of subjectAltNames after verifying control of the domain; a process quite similar to what LE will be doing. The only “integration” needed would be doing something different with Proof Of Possession challenges for CF sites.


#4

Thanks for the replies. I look forward to using Let’s Encrypt when it’s released.


#5

Untrue. CloudFlare, since September 2014, have offered universal free SSL certificates (using Elliptic Curve Cryptography). There’s information on how they did this here: https://blog.cloudflare.com/universal-ssl-encryption-all-the-way-to-the-origin-for-free/


#6

It seems accurate to me. CloudFlare offers free SSL using certificates they provision themselves. It’s possible to use certificates from other CAs, but that’s limited to their premium plans. You can use a Let’s Encrypt certificate to encrypt traffic between the origin server and CloudFlare (I believe they call this “Strict SSL”), but on the free plan, visitors will see a certificate that CloudFlare provisioned. CloudFlare acts as a proxy (or, one could say, MITM) between clients and your server.


#7

Just so that you know, I had similar issues with CloudFlare. Went ahead to the Crypto category and selected the Full SSL option so that CloudFlare could ignore its own SSL and adopt Let’s Encrypt SSL. Works fine now.