Cloudflare is a cross between a content delivery network (CDN) and a cloud security platform that provides website optimization, security, and performance services.
GreenGeeks is fully compatible with Cloudflare, and we encourage our customers to take advantage of the benefits that Cloudflare can provide.
Cloudflare acts as a proxy between the hosting server and the visitor. This often improves the speed and reliability of the website, in addition to helping to block online threats.
Getting Started with Cloudflare SSL
Cloudflare provides a free universal SSL certificate for all domains.
There are no special steps required to issue the SSL certificate for your domain(s) on Cloudflare, simply follow the normal Cloudflare configuration process to set up a new domain.
- Sign up for a Cloudflare account.
- Add a new domain to the Cloudflare account.
- Re-create all DNS records from the GreenGeeks DNS zone to the Cloudflare DNS zone.
- Update the nameservers for that domain to those provided by Cloudflare.
- Allow time for DNS propagation[4-8 hours usually].
- Choose an SSL encryption mode.
- Enable HTTPS re-direction [Optional]
For full step-by-step getting started instructions, refer to the Cloudflare documentation: https://developers.cloudflare.com/ssl/get-started/
Cloudflare SSL – Edge Certificates
Cloudflare offers several options for your domain’s SSL(edge) certificate:
- Universal certificates: By default, Cloudflare issues free, publicly trusted SSL certificates to all domains added to and activated on Cloudflare.
- Advanced certificates: Advanced certificates are more customizable than Universal SSL but still offer the convenience of Cloudflare-managed SSL certificate issuance and renewal.
- Custom certificates: Custom certificates for customers (for Business and Enterprise only) who want to use their own SSL certificates on the Cloudflare platform.
- Keyless certificates (Enterprise only): Keyless SSL users to upload their custom certificates and benefit from Cloudflare, but without exposing their SSL private keys.
Custom Cloudflare Certificates
Free Cloudflare customers will be given a Cloudflare-generated universal certificate, while Business and Enterprise customers can use their own SSL certificates.
Refer to the Cloudflare documentation on uploading custom SSL certificates. Note that uploading a custom certificate requires a Business or Enterprise plan.
For more info on Cloudflare custom certificates refer to: https://developers.cloudflare.com/ssl/edge-certificates/custom-certificates/
Cloudflare Encryption Modes
- OFF (No Encryption)
- HTTPS(SSL) is disabled on Cloudflare.
- Cloudflare, and Visitors, will access the site using regular HTTP.
- Flexible
- This option is not recommended.
- Flexible SSL secures the connection between Cloudflare & the Visitor.
- Cloudflare will access the site via HTTP and present it to the Visitor via HTTPS access, so the Visitor will see a secure site.
- Instead of Flexible, it’s best to configure the site to use HTTPS on the hosting account as using a Cloudflare SSL rewrite makes debugging difficult and does not secure connections between the GreenGeeks server & Cloudflare.
- Full
- Full is the recommended option.
- All connections to the server are secured with HTTPS(SSL).
- GreenGeeks recommends configuring the website backend URLs for HTTPS before setting the encryption mode SSL = Full.
- Full (strict)
- The same as “Full” but requires a browser-valid-certificate such as the LetsEncrypt certificates provided automatically by GreenGeeks.
- Full(strict) will not work with a server-generated certificate(self-signed).
For more info on SSL encryption modes, refer to the Cloudflare documentation:
https://developers.cloudflare.com/ssl/origin-configuration/ssl-modes/
Contact Support
If you have questions about how to configure your GreenGeeks website in combination with Cloudflare, please open a ticket from within the GreenGeeks dashboard: https://my.greengeeks.com/open-ticket