SSL
I use the free mode, in this case can I only use flexible SSL or the others as well, especially (full)?
6 Replies
Free can use Full (Strict), which is what is recommended. There's also SSL-only available to free now but it doesn't do anything more then Full (Strict) as long as you have
always use https under ssl/tls -> edge enabledWould you know something about it here: (Cloudflare will start using ISRG Root X1 CA for all Let’s Encrypt certificates. Legacy clients may experience TLS termination errors when connecting to domains protected by a Let’s Encrypt certificate if the client does not include ISRG Root X1 CA in their Reliable storage. To minimize interruptions, I recommend switching to a more compatible Certification Authority (CA), such as Google Trust Services.) Will I need to do something else not my server about it or does this part only have to do with cloudflare?
As long as you have proxy enabled on all your websites/dns records that are exposed to general audiences then it's all to do with Cloudflare
If you don't have any adv. certs and just the universal it should have already switched for you
So I would like to use the ssl (full) that in this case will use the ssl of cloudflare and the ssl of my server, Now seeing this part about update I thought I would have to do something also with respect to the ssl of my server so that it does not have any divergence or something like that. Let’s say I already have a ssl by letsencrypt on my server (digitalocean - cloudpanel) I would need to update there too? Or this update that was reported in cloudflare is the only one that will be done? I just use ssl generated by letsencrypt in both cases
As long as you have proxy enabled CF will use another certificate provider like GTS (Google) for your universal -- to ensure maximum compatability for visitors, and then you don't need to worry about the cert on your origin because CF will trust Let's Encrypt no issue
I understand. Thank you for the information