Cloudflare SSL - Do You Use Or Not?
-
@black3dynamite said in Cloudflare SSL - Do You Use Or Not?:
@nashbrydges said in Cloudflare SSL - Do You Use Or Not?:
@black3dynamite @scottalanmiller Is there any benefit in using CF's SSL? I only see this as confusing if users verefy the cert in their browser. Granted, that's likely a pretty rare thing but still. Any specific reason for using it vs not? You're using it just because it's there?
I use the non strict Full SSL because I have some self-signed certs.
That would be a good use-case scenario. Thanks.
-
I use CF for DNS & as domain registrar.
My web hosting is done somewhere else.I'm trying to use LE certs (at my web hoster) but the dns-01 validation is failing.
What am I doing wrong?
-
@FATeknollogee said in Cloudflare SSL - Do You Use Or Not?:
dns-01
Not sure what that is but could this help?
Cloud Flare hook bash for dehydrated - DNS-01 Challenge Let's Encrypt
https://github.com/sineverba/cfhookbash -
@FATeknollogee said in Cloudflare SSL - Do You Use Or Not?:
I use CF for DNS & as domain registrar.
My web hosting is done somewhere else.I'm trying to use LE certs (at my web hoster) but the dns-01 validation is failing.
What am I doing wrong?
You'll need a cloudflare api key and the registered email in a file. Mine is in /root/.secrets/cloudlfare.ini, which has 2 lines
dns_cloudflare_email = [email protected] dns_cloudflare_api_key = your keyThen you can:
certbot2 certonly --dns-cloudflare-credentials /root/.secret/cloudflare.ini --renew-by-default -d domain.com -d subdomain.domain.comYou do have to list all domains and subdomains you want the cert to be valid for in the command. I have mine scripted to run once every day.
-
@travisdh1 said in Cloudflare SSL - Do You Use Or Not?:
@FATeknollogee said in Cloudflare SSL - Do You Use Or Not?:
I use CF for DNS & as domain registrar.
My web hosting is done somewhere else.I'm trying to use LE certs (at my web hoster) but the dns-01 validation is failing.
What am I doing wrong?
You'll need a cloudflare api key and the registered email in a file. Mine is in /root/.secrets/cloudlfare.ini, which has 2 lines
dns_cloudflare_email = [email protected] dns_cloudflare_api_key = your keyThen you can:
certbot2 certonly --dns-cloudflare-credentials /root/.secret/cloudflare.ini --renew-by-default -d domain.com -d subdomain.domain.comYou do have to list all domains and subdomains you want the cert to be valid for in the command. I have mine scripted to run once every day.
Yep, I have it that way for my home as I cannot get SSL since my ISP blocks port 80.
-
I just don't wan tto take the time to convert everything. I have been using LE for so long...
-
@JaredBusch said in Cloudflare SSL - Do You Use Or Not?:
I just don't wan tto take the time to convert everything. I have been using LE for so long...
Why would you have to convert? Is this a new way of getting certs now?
-
@dbeato @travisdh1
Are you guys doing this on a VPS or you have a self-hosted web server? -
@FATeknollogee said in Cloudflare SSL - Do You Use Or Not?:
@dbeato @travisdh1
Are you guys doinf this on a VPS or you have a self-hosted web server?Mine is a self hosted server with an nginx proxy handling all external traffic. Should work the same with a VPS when using cloudflare for DNS.
-
@black3dynamite said in Cloudflare SSL - Do You Use Or Not?:
@JaredBusch said in Cloudflare SSL - Do You Use Or Not?:
I just don't wan tto take the time to convert everything. I have been using LE for so long...
Why would you have to convert? Is this a new way of getting certs now?
Yes. This would allow us to use CloudFlare again. When I first switched to LE, I had to manually disable CloudFlare (uncheck the orange cloud), wait a minute, then run the LE renew, then reenable CloudFlare.
Certbot eventually came out with a plugin that you could use the CloudFlare API to enable, and disable during the process. But, by then, I had already just disabled CloudFare proxying all my sites that use LE.
Now, with DNS verificaiton, I can turn everything back on and not even need the API to enable/disable. But I will need to take the time to set things back up again.
-
In principle, the combination of both will be appropriate for better safety of the web site. Only along with the above, I also use other types of SSL such as there https://hostovita.pl/ssl/
-
I use the actual CloudFlare certs that they give you also. Not just clicking the cloud. I use GitLab pages to host my blog and LetsEncrypt renewal is still manual there. So I got a free cert from CloudFlare which is good for 15 years and used that instead.
-
@FATeknollogee said in Cloudflare SSL - Do You Use Or Not?:
@dbeato @travisdh1
Are you guys doing this on a VPS or you have a self-hosted web server?On both.
-
@stacksofplates said in Cloudflare SSL - Do You Use Or Not?:
I use the actual CloudFlare certs that they give you also. Not just clicking the cloud. I use GitLab pages to host my blog and LetsEncrypt renewal is still manual there. So I got a free cert from CloudFlare which is good for 15 years and used that instead.
Are you talking about the Universal SSL (Shared) or the Origin Certficates?
-
@black3dynamite said in Cloudflare SSL - Do You Use Or Not?:
@stacksofplates said in Cloudflare SSL - Do You Use Or Not?:
I use the actual CloudFlare certs that they give you also. Not just clicking the cloud. I use GitLab pages to host my blog and LetsEncrypt renewal is still manual there. So I got a free cert from CloudFlare which is good for 15 years and used that instead.
Are you talking about the Universal SSL (Shared) or the Origin Certficates?
Origin.
