Cloudflare offers several options to enable SSL within the panel. This article is an overview of how to enable SSL for a Cloudflare-enabled domain.
When setting up an SSL certificate with your Cloudflare account, you’ll notice a few different available options. The following sections detail these options. View the following article from Cloudflare for more information:
Step 1 — Add an SSL certificate to your domain
You must first add an SSL certificate to your domain in your DreamHost panel. You can either add a free 'Let's Encrypt' or a paid Sectigo certificate.
Step 2 — Selecting a Cloudflare plan
- Both FREE and Plus plans work with an SSL certificate.
- It’s also currently not possible to add Cloudflare to a dreamhosters.com subdomain.
View the following article to add a Cloudflare plan to your domain.
Step 3 — Setting SSL options in the Cloudflare panel
Once you create a Cloudflare plan, use your newly-created login credentials to log in to the Cloudflare panel:
- Go to https://dash.cloudflare.com and log in.
- On the overview page, your domains are listed along with what type of plan you're using:
- Click your domain to alter its settings.
- Click the SSL/TLS button at the top to adjust the security settings.
- If you've enabled the paid Cloudflare plan in the DreamHost panel, 'Flexible SSL' is selected by default:
- Select an SSL option from the dropdown to the right of the SSL section:
- Flexible SSL
- Full SSL
- Full SSL (Strict)
An explanation of the plans is mentioned below, but you can also view further information by visiting the Cloudflare support page.
Flexible SSL — (only if you do not have an SSL certificate)
- DO NOT use this option if you have added an SSL certificate to your domain.
- The connection between the user and Cloudflare is secure, but the connection between DreamHost and Cloudflare is not encrypted.
- This is the default setting for your domain when you add a FREE Cloudflare plan to your domain without an SSL certificate.
- This setting is NOT recommended if you have any sensitive information on your website.
- View Cloudflare's blog post about this Universal SSL option.
- This setting does not require you to purchase an SSL certificate, therefore it is a last resort option.
It's possible you may see an infinite redirect loop on your site when enabling 'Flexible SSL'. Since 'Flexible SSL' doesn't work with a DreamHost SSL certificate, make sure you're not using any .htaccess redirects. Your site must only resolve to the HTTP version.
Full SSL — (only for self-signed certificates)
- ONLY use this option if you have a self-signed certificate.
- The connection between the user and Cloudflare is secure. The connection between Cloudflare and DreamHost is secure, but not authenticated.
- Your visitors will see HTTPS and a secure padlock in their browser.
- You must have at least a self-signed certificate installed.
- Cloudflare does not verify the authenticity of the certificate you installed.
Full SSL (Strict) — (for valid SSL certificates)
- Use this option if you have a professionally-signed certificate, or 'Let's Encrypt' certificate.
- The connection between the user and Cloudflare and from Cloudflare to DreamHost is secure.
Only a professionally-signed or 'Let's Encrypt' certificate will work with Cloudflare’s Full SSL (Strict) setup.