Cloudflare offers several options to enable SSL within their panel. This article is an overview of how to enable SSL for a Cloudflare-enabled domain.
When setting up an SSL certificate with your Cloudflare account, you’ll notice a few different available options. The following sections detail these options. View the following article from Cloudflare for more information:
Step 1 — Add an SSL certificate to your domain
You must first add an SSL certificate to your domain in your DreamHost panel. You can either add a free Let's Encrypt or a paid Sectigo certificate. See the following articles for more information:
Step 2 — Selecting a Cloudflare plan
- It’s also currently not possible to add Cloudflare to a dreamhosters.com subdomain.
View the following article to learn more about how to set up a Cloudflare plan for your domain:
Step 3 — Setting SSL options in the Cloudflare panel
Once you create a Cloudflare plan, use your newly-created login credentials to log in to the Cloudflare panel:
- Go to https://dash.cloudflare.com and log in.
- On the overview page, your domains are listed along with the type of plan you're using.
- Click your domain to alter its settings.
- Click the SSL/TLS button at the top to adjust the security settings.
- Select an SSL option from the dropdown to the right of the SSL section:
- Flexible SSL
- Full SSL
- Full SSL (Strict)
The only option you should use is 'Full SSL (Strict)' with a professionally-signed or a Let's Encrypt certificate.
Any other choice is not fully secure.
Each option is explained below. You can also find further information on the Cloudflare support page.
Flexible SSL — (only if you do not have an SSL certificate)
- DO NOT use this option if you have added an SSL certificate to your domain.
- The connection between the user and Cloudflare is secure, but the connection between DreamHost and Cloudflare is not encrypted.
- This is the default setting for your domain when you add a FREE Cloudflare plan to your domain without an SSL certificate.
- This setting is NOT recommended if you have any sensitive information on your website.
- View Cloudflare's blog post about this Universal SSL option.
- This setting does not require you to purchase an SSL certificate, so it is a last-resort option.
It's possible you may see an infinite redirect loop on your site when enabling 'Flexible SSL'. Since 'Flexible SSL' doesn't work with a DreamHost SSL certificate, make sure you're not using any .htaccess redirects. Your site must only resolve to the HTTP version.
Full SSL — (only for self-signed certificates)
- ONLY use this option if you have a self-signed certificate.
- The connection between the user and Cloudflare is secure. The connection between Cloudflare and DreamHost is secure, but not authenticated.
- Your visitors will see HTTPS and a secure padlock in their browser.
- You must have at least a self-signed certificate installed.
- Cloudflare does not verify the authenticity of the certificate you installed.
Full SSL (Strict) — (for valid SSL certificates)
- Use this option if you have a professionally-signed certificate or a Let's Encrypt certificate.
- The connection between the user and Cloudflare and the connection from Cloudflare to DreamHost are both secure.
Only a professionally-signed or a Let's Encrypt certificate will work with Cloudflare’s Full SSL (Strict) setup.
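
The following Python model is an added example, not DreamHost or Cloudflare code. It traces one visitor request through each SSL option and goes slightly beyond the redirect-loop case above by also showing what happens to a self-signed certificate under 'Full SSL' and 'Full SSL (Strict)'. The `Origin` class, the function names, and example.com are assumptions made for illustration.

```python
from dataclasses import dataclass
from urllib.parse import urlsplit

@dataclass
class Origin:
    cert: str           # "none", "self-signed" or "ca-signed" (e.g. Let's Encrypt)
    forces_https: bool  # True when .htaccess redirects every HTTP request to HTTPS

def edge_fetch(mode, url, origin):
    """One visitor request through the edge. Returns (outcome, detail)."""
    parts = urlsplit(url)
    # Flexible always uses plain HTTP to the origin; Full and Strict reuse
    # the scheme the visitor used.
    leg = "http" if mode == "flexible" else parts.scheme
    if leg == "https":
        if origin.cert == "none":
            return "error", "origin has no certificate to present"
        # Only Strict checks that the certificate is signed by a trusted CA.
        if mode == "strict" and origin.cert != "ca-signed":
            return "error", "origin certificate is not trusted"
        return "ok", "origin leg encrypted"
    if origin.forces_https:
        # The origin only ever sees HTTP here, so it redirects every time.
        return "redirect", f"https://{parts.netloc}{parts.path or '/'}"
    return "ok", "origin leg in cleartext"

def visit(mode, origin, url="https://example.com/", max_hops=10):
    """Follow redirects like a browser; report a loop if a URL repeats."""
    seen = set()
    for _ in range(max_hops):
        if url in seen:
            return "redirect loop", url
        seen.add(url)
        outcome, detail = edge_fetch(mode, url, origin)
        if outcome != "redirect":
            return outcome, detail
        url = detail
    return "redirect loop", url

if __name__ == "__main__":
    # Constructed cases: (SSL option, origin configuration)
    cases = [
        ("flexible", Origin("ca-signed", True)),
        ("flexible", Origin("none", False)),
        ("full", Origin("self-signed", True)),
        ("strict", Origin("self-signed", True)),
        ("strict", Origin("ca-signed", True)),
    ]
    for mode, origin in cases:
        print(f"{mode:8} {origin} -> {visit(mode, origin)}")
```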