Overview
This article delves into the specifics of how Cloudflare handles SSL certificates.
If any of the limits listed above are unacceptable to you, your sole choice is to turn off Cloudflare on the domain.
How long will it take to set up?
You may need to wait a while for DNS changes to propagate while setting up SSL or Secure Hosting.
This can take many hours in some cases.
Additionally, Cloudflare may require up to 24 hours to set up your certificate.
You may be unable to connect to your site over https until the configuration is complete, or you may receive invalid certificate warnings.
What certificate will visitors to my site see?
Cloudflare’s certificate is the only one that visitors to your site will ever see.
If your site uses Cloudflare, the certificate you set up in the GreggHost interface will not be accessible to your site visitors. Cloudflare will always utilize a “professional” certificate, over which you will have no control.
If visitors check the information on your site’s certificate, they will see a certificate that looks like this (regardless of what kind of certificate you have set up in the GreggHost panel). The certificate will appear in Chrome and Firefox as seen in the images below.
Chrome
Firefox
How long will it take for the certificate to set up?
The certificate could take up to 24 hours to properly set up.
When utilizing HTTPS to visit your site, you will get SSL warnings until Cloudflare finishes setting up the certificate for your site. The warnings should go away once the certificate is installed (which should take less than 24 hours).
What about second-level subdomains and SSL warnings?
The FREE option does not support second-level subdomains.
If you try to set up SSL and Cloudflare for www.myblog.example.com, you can get warnings like this when you access the page:
07 SSL cert warning.fw.png via CloudFlare
On first-level subdomains such as myblog.example.com or www.example.com, this warning will not appear.
What happens if I don’t enable Cloudflare on the main domain?
If Cloudflare is not enabled on the main domain, you will receive warnings.
If you want Cloudflare to work with SSL on any of your subdomains, you must also have Cloudflare activated on your main domain. This is a limitation imposed by the SSL Certificate provider; the certificate will not be valid for the subdomains unless the main domain is on Cloudflare.
If you wish to utilize Cloudflare and have SSL enabled on blog.example.com, you must also enable Cloudflare on example.com.
Both the main domain (example.com) and the subdomain (blog.example.com) will show a valid SSL secure lock after Cloudflare is configured.
Make that Cloudflare is turned on for both the main domain and the subdomain in the GreggHost dashboard.
Can I use Cloudflare’s Universal SSL option?
Yes. Universal SSL will be offered to all new domains who pick Cloudflare’s basic subscription. Please note that this is NOT advised because the Universal SSL certificate does not provide complete protection for your site’s traffic. For further information, see Cloudflare’s blog post.
With the basic Cloudflare plan, you can now use a TLS/SSL certificate, such as Let’s Encrypt.
If you no longer desire the Plus option for SSL support, you can downgrade to Basic by canceling the Plus option and switching to the free option instead. In order to complete the process of switching to the Basic option, you must enable the ‘Add WWW’ option in the GreggHost panel. Please see the following article for additional information on adding ‘www’ to your domain:
What is the procedure for adding or removing www from my domain?
Please see Cloudflare’s support page for further information:
https://support.cloudflare.com/hc/en-us/articles/204144518-SSL-FAQ \sTroubleshooting
Troubleshooting
You may see a 526 Cloudflare error after enabling SSL and Cloudflare and browsing the HTTPS version of your site. This is what it will say:
The website is currently unavailable. Error code 526. SSL certificate is invalid.
This is an issue you must resolve within your Cloudflare account, assuming you correctly configured Cloudflare in your GreggHost panel.
Take a look at this article:
https://help.dreamhost.com/hc/en-us/articles/216475197-Cloudflare-with-SSL-overview
Scroll down to the section titled SSL settings in the Cloudflare panel in that article. To access your Cloudflare panel, follow the steps outlined above. The SSL option must then be set to FLEXIBLE.
Your site should resolve utilizing HTTPS instantly after you change this option in Cloudflare.