Free wildcard SSL certificate?

Just a very simple question, does Cloudflare actually provide free wildcard SSL certificates if you just validate your domain? I would understand if they would give normal ones for free like Letsencrypt but wildcard ssl certificates cost a lot on other services.
19 Replies
Hello, I’m Allie!
They do, yes
albedo
albedo2y ago
letsencrypt also provides free wildcard certificates they're a bit more complicated to get than "normal" ones but they do provide them
csd4ni3l
csd4ni3lOP2y ago
Oh, i didnt know this. Will check it out Do Cloudflare SSL certificates only be trusted by browsers if the traffic goes through their network, so its hosted on CloudFlare? Maybe ai's are stupid but i asked both chatgpt and bard to provide differences and both said that cloudflare certs arent trusted if they dont go through cloudflare's network I dont really understand, sorry, is the "valid one" trusted on non-cloudflare network? How do they differ, which one i get? I am very sorry, you can call me stupid if you want. I want to add my domain to cloudflare and then use SSL from CloudFlare. I dont want to use Cloudflare sites. Would it work or no? Do i have to use Lets Encrypt instead? Now i understand but what are you trying to say? Would it work or no? Can the origin be non-cloudflare page and would it still work like that? oh nvm you said that only cf trusts the cloudflare -> origin cert so no. right? and i can only do that through Cloudflare Sites? I meant CloudFlare Pages sorry Will check this, thanks
Unknown User
Unknown User2y ago
Message Not Public
Sign In & Join Server To View
csd4ni3l
csd4ni3lOP2y ago
oh okay, luckily i am not planning to use it like that I meant CloudFlare Pages, sorry
PencilNavigator
i think google trust service is now more common, 5 of my sites are using gts ca 1p5 and sectigo as a backup
Chaika
Chaika2y ago
Pages has ssl included yea, and just for my ocd, it's Cloudflare now should be fairly random, the lineup has been streamlined a bit though, no more digicert/Cloudflare certs, it's just GTS and LE for Universals, and GTS or Sectigo for backups (and I believe it only uses Sectigo if you have GTS for your universal)
PencilNavigator
cloudflare ssl too, i got some of them recently
Chaika
Chaika2y ago
they're effectively gone, although I guess for now they've semi-paused the migration, not going to be around for too much longer hopefully. At least for Universals I didn't think it was using them still, you might have some old ones though since they are a year long, but should eventually switch on renew. I know ACM/etc still default to it
PencilNavigator
i recently see way less LE ssl certs, mostly are GTS, then CF SSL (cuz 3 days ago i got one)
Chaika
Chaika2y ago
you got a digicert universal? That's interesting, I thought they were finally done with that, they had announced at one point they were. Well, interesting data point
csd4ni3l
csd4ni3lOP2y ago
i meant does it only work with CloudFlare Pages?
Chaika
Chaika2y ago
The universal cert/free ssl? no, it works with any origin, using the setup Leo described CF Pages actually issues its own SSL cert as well, so you could even use Pages on a non-CF domain if you wanted (has to be on a subdomain though, but that's just pages specific)
PencilNavigator
just confimed this is false (and I believe it only uses Sectigo if you have GTS for your universal)
Chaika
Chaika2y ago
the backup not being sectigo? yea I guess it just uses any different random one, I checked my zones and I have a sectigo backup with an LE Cert picking is kind of a magic black box, I can say from experience it seems it is pretty shy to pick Sectigo unless the universal is GTS, but they might have adjusted that since then as well
csd4ni3l
csd4ni3lOP2y ago
oh chaika, also can i like download the certificate and the corresponding key file or how does it work? i never used cf before, sorry if i am sayig something stupid
Chaika
Chaika2y ago
You can't download Edge Certificates (which is what the free/universal certs are called), no. They only work with proxy cloudflare enabled, CF serves them automagically. Cloudflare offers Origin CA Certs (under SSL/TLS -> Origin Server) that you can configure on your origin and are trusted by the Cloudflare Proxy Origin Certs can last up for 15 years, they're only trusted by the proxy though, so you can't use them unproxied Your configuration would be like Visitor <- Edge/Universal Certificate -> Cloudflare <- Origin CA Cert (or you can use Let's Encrypt/any other trusted cert) -> Origin (your web server)
PencilNavigator
there are lots of free Wildcard SSLs provided by diff CAs (e.g. LE, GTS, ZeroSSL, etc.), Cloudflare just simplifies the step of issuing the cert for you by doing that on their side, you can issue your own free wildcard SSLs using acme.sh or sth simliar. i just tried, the Cloudflare ECC certs i have are all advanced certs automatically generated by connecting a custom domain to pages/workers/web3/r2/etc. (btw those used to be LE iirc)
Chaika
Chaika2y ago
ahh makes sense then, yea the cert. authorities docs still says they stopped using Digicert for Universals
Want results from more Discord servers?
Add your server