Reading Time: 3 minutes
is an excellent and well-known content delivery network. A CDN can increase site speed by utilizing Cloudflare’s global caching network to deliver content closer to a visitor’s location.
You can also easily attach Cloudflare as an add-on product
to your existing Liquid Web server, but there are some configurations to consider.
In this article, we will be covering how to use Cloudflare in conjunction with Let’s Encrypt SSL. Cloudflare will act as the CDN while Let’s Encrypt performs the SSL (HTTPS) encryption (in lieu of Cloudflare’s Universal SSL).
is an amazing open-service for creating free SSL certs for your site and for this tutorial you should already have Let’s Encrypt installed on your server
While there are correct ways to use Cloudflare with Let’s Encrypt there are also configuration settings that could cause connection errors to appear. So, it’s important to know which options to selecting when setting up these entities.
First, you will need a Cloudflare account
and will need to generate a Let’s Encrypt
x3 cert on your server.
Our Managed WooCommerce
and Managed WordPress
plans will automatically generate a valid Let’s Encrypt SSL cert for your primary domain
set in the manager when your site goes live or if you rename your primary domain in the manager.
If an incorrect SSL mode is selected in Cloudflare it will not load and instead will display an invalid SSL cert. This is a common error and one that can be avoided to ensure that your customers have a positive and trusted experience with your site.
A key part is to make certain the correct SSL mode is set in Cloudflare since it offers a number of different SSL modes:
- Flexible SSL
- Full SSL (Recommended Setting)
- Full SSL (Strict)
SSL Modes can be accessed from the Crypto
section in the Cloudflare dashboard.
Now that you are in the settings of Crypto you will need to go through these specific settings in Cloudflare; these changes will take maybe 30 – 50 seconds to make.
When using Cloudflare, Cloudflare’s Universal SSL is what browsers would see, unless you manually upload your own SSL certificate, which requires the $200/month business plan. Most customers will be fine with utilizing Cloudflare’s Universal SSL.
Select the domain you want to work with, then select “Crypto
” top menu option in Cloudflare. Under SSL
select – Full
. Scroll down to see Always use HTTPS
and set it to ON.
Step 4: On the HTTP Strict Transport Security (HSTS) section select Enable HSTS
You will need to select the “I understand” checkbox and click on the Next button.
You will need to select the “I understand
” checkbox and click on the Next
A pop-up box will appear, where you’ll set:
- Max-Age: 3 months
- Apply HSTS policy to subdomains (includeSubDomains): Off
- Preload: Off
Now click Save
Set to Minimum TLS Version
to TLS 1.2
Opportunistic Encryption: ON
TLS 1.3: Enabled
Automatic HTTPS Rewrites: On
Step 10: Disable Universal SSL
by selecting this option you are no longer using Cloudflare Universal SSL certificate. You will only use SSLs stored in your server, in this case, Let’s Encrypt
. Click “I understand
” and select Confirm.
These simple changes made in Cloudflare will help you to avoid any dreaded downtime when using Let’s Encrypt with Cloudflare. This means that your customers can fully trust that their data is securely transferred with HTTPS through Let’s Encrypt’s.
Do you still need help setting up Cloudflare and Let’s Encrypt on your server? Reach out to us! Our Liquid Web VPS servers
come with 24/7 assistance from our knowledgeable support team. Get the support you deserve today! Open a ticket with us at firstname.lastname@example.org
, or give us a call at 800-580-4985, or open a chat with us
to speak to one of our Level 3 Support Admins or a Solutions Advisor today!