Cloudflare is an excellent and well-known content delivery network. A CDN can increase site speed by utilizing Cloudflare's global caching network to deliver content closer to a visitor's location.
Let's Encrypt is an open service for creating free SSL certs for our site. Improper configuration settings while using Cloudflare with Let's Encrypt, could cause connection errors.
Here at Ibmi Media, as part of our Server Management Services, we regularly help our Customers to perform related Let's Encrypt queries.
In this context, we shall look into how to set up Cloudflare to use Let's Encrypt SSL.
How to configure Let's Encrypt with Cloudflare ?
To use Let's Encrypt in Cloudflare, Let's Encrypt should be installed on the server.
1. SSL mode in Cloudflare account
First, we will need a Cloudflare account and will need to generate a Let's Encrypt x3 cert on the server.
While selecting incorrect SSL mode in Cloudflare, it will not load and instead will display an invalid SSL cert. This is a common error and one that can be avoided to ensure that our customers have a positive and trusted experience with our site.
A key part is to make certain the correct SSL mode is set in Cloudflare since it offers a number of different SSL modes:
- Flexible SSL
- Full SSL (Recommended Setting)
- Full SSL (Strict)
SSL Modes can be accessed from the Crypto section in the Cloudflare dashboard. Select the domain we want to work with.
Then select "Crypto" top menu option in Cloudflare. Under SSL select – Full. Scroll down to see Always use HTTPS and set it to ON.
2. SSL settings in Cloudflare
After setting the SSL mode, we need to enable HSTS. On the HTTP Strict Transport Security (HSTS) section, select Enable HSTS.
We will need to select the "I understand" checkbox and click on the Next button.
A pop-up box will appear, where we will set the above values and click save:
Max-Age: 3 months
Apply HSTS policy to subdomains (includeSubDomains): Off
Now, we need to set to Minimum TLS Version to TLS 1.2 and Opportunistic Encryption to ON. Also, set TLS 1.3 to Enabled and Automatic HTTPS Rewrites to On.
Further, Disable Universal SSL by selecting this option. As we are no longer using Cloudflare Universal SSL certificate and are using SSLs stored in our server, in this case, Let's Encrypt. Click "I understand" and select Confirm.
These simple changes made in Cloudflare will help to avoid any dreaded downtime. This means that customers can fully trust that their data is securely transferred with HTTPS through Let's Encrypt.
[Need urgent assistance with Cloudflare errors? – We're available 24*7. ]