How do we use Let’s Encrypt with Cloudflare?
Let’s Encrypt is an open service for creating free SSL certs for our site. Improper configuration settings while using Cloudflare with Let’s Encrypt could cause connection errors.
As a part of our Server Management Services, we help our customers with tasks related to Let’s Encrypt regularly.
Let us today discuss how to set up Cloudflare to use Let’s Encrypt SSL.
Let’s Encrypt with Cloudflare
To use Let’s Encrypt in Cloudflare, Let’s Encrypt should be installed on the server.
SSL mode in Cloudflare account
First, we will need a Cloudflare account and will need to generate a Let’s Encrypt x3 cert on the server.
If an incorrect SSL mode is selected in Cloudflare, the site will not load and will instead display an invalid SSL cert error. This is a common error, and avoiding it ensures that our customers have a positive and trusted experience with our site.
A key part is to make certain the correct SSL mode is set in Cloudflare since it offers a number of different SSL modes:
- Flexible SSL
- Full SSL (Recommended Setting)
- Full SSL (Strict)
SSL modes can be accessed from the Crypto section in the Cloudflare dashboard. Select the domain we want to work with, then select the “Crypto” option in the top menu. Under SSL, select Full. Scroll down to Always use HTTPS and set it to ON.
SSL settings in Cloudflare
After setting the SSL mode, we need to enable HSTS. In the HTTP Strict Transport Security (HSTS) section, select Enable HSTS. We will need to select the “I understand” checkbox and click on the Next button.
A pop-up box will appear, where we will set the following values and click Save:
- Max-Age: 3 months
- Apply HSTS policy to subdomains (includeSubDomains): Off
- Preload: Off
Now, we need to set Minimum TLS Version to TLS 1.2 and Opportunistic Encryption to ON. Also, set TLS 1.3 to Enabled and Automatic HTTPS Rewrites to On.
Further, select the option to disable Universal SSL, since we are no longer using the Cloudflare Universal SSL certificate and are instead using the SSL certs stored on our server, in this case Let’s Encrypt. Click “I understand” and select Confirm.
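Once the settings above are saved, the result can be checked from outside. The following is an added example, not part of the original guide or any Cloudflare tooling: it audits observed responses against the values chosen here (Always use HTTPS, Minimum TLS 1.2, HSTS with Max-Age 3 months, includeSubDomains off, Preload off). The function names, the sample observations and the reading of "3 months" as 90 days are assumptions.

```python
# Added example: audit observed responses against the settings chosen in this guide.
# "3 months" is taken as 90 days; that conversion is an assumption.
EXPECTED = {"max_age": 90 * 24 * 3600, "include_subdomains": False, "preload": False}

def parse_hsts(value):
    """Parse a Strict-Transport-Security value (RFC 6797 directive syntax)."""
    policy = {"max_age": None, "include_subdomains": False, "preload": False}
    seen = set()
    for part in filter(None, (p.strip() for p in value.split(";"))):
        name, _, arg = part.partition("=")
        name = name.strip().lower()          # directive names are case-insensitive
        if name in seen:
            raise ValueError(f"duplicate directive: {name}")
        seen.add(name)
        if name == "max-age":
            arg = arg.strip().strip('"')     # the value may be a quoted-string
            if not arg.isdigit():
                raise ValueError("max-age must be a non-negative integer")
            policy["max_age"] = int(arg)
        elif name == "includesubdomains":
            policy["include_subdomains"] = True
        elif name == "preload":
            policy["preload"] = True
    if policy["max_age"] is None:
        raise ValueError("max-age directive is required")
    return policy

def audit(http_status, http_location, https_headers, tls11_accepted):
    """Return findings; an empty list means the site matches the guide."""
    findings = []
    if http_status not in (301, 302, 307, 308) or not (http_location or "").startswith("https://"):
        findings.append("plain HTTP is not redirected to HTTPS")
    if tls11_accepted:
        findings.append("handshake capped at TLS 1.1 succeeded; minimum should be TLS 1.2")
    headers = {k.lower(): v for k, v in https_headers.items()}
    hsts = headers.get("strict-transport-security")
    if hsts is None:
        return findings + ["no Strict-Transport-Security header on HTTPS response"]
    policy = parse_hsts(hsts)
    for key, want in EXPECTED.items():
        if policy[key] != want:
            findings.append(f"HSTS {key} is {policy[key]!r}, guide sets {want!r}")
    return findings

# Constructed sample observations (not captured from a real site).
GOOD = (301, "https://example.com/", {"Strict-Transport-Security": "max-age=7776000"}, False)
BAD = (200, None, {"strict-transport-security": "max-age=31536000; includeSubDomains; preload"}, True)

if __name__ == "__main__":
    for label, obs in (("good", GOOD), ("bad", BAD)):
        print(label, audit(*obs) or "matches the guide")
```

The four inputs are the status and Location of a plain-HTTP request, the headers of an HTTPS response, and whether a handshake limited to TLS 1.1 was accepted.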
These simple changes made in Cloudflare will help to avoid any dreaded downtime. This means that customers can fully trust that their data is securely transferred with HTTPS through Let’s Encrypt.
In short, improper configuration settings while using Let’s Encrypt could cause connection errors. Today, we saw how our Support Engineers perform this task.