Cloudflare Proxy as Certbot replacement for website on Debian server?

ByJeremy Edberg November 6, 2024March 29, 2025

I have a Debian server and have linked it to my domain and created a WordPress website on it. I have this domain in Cloudflare, and the corresponding DNS entry is proxy-enabled. Although no SSL certificate was installed on the server, my browser shows a secure connection with a valid certificate. However, when I navigate to /wp-admin, it usually shows a secure connection, but sometimes it changes to insecure.

Is Cloudflare's proxy sufficient as a replacement for an SSL certificate, or should I install Certbot for an SSL certificate?

(2 votes)

Programming & Software development

generate lists in lists?

ByMichi123170 July 18, 2023March 30, 2025

for inp in range(2): liste([]) for hid in range(2): liste(random.random()) print(liste) with these I wanted to ensure that I get this output liste=[[],[],[], [],[],[], [],[],[]] but I don't get help

Social networks, blogs & forums

Where can you blog?

ByHanniball49 October 29, 2023February 24, 2025

I would like to blog but I am still a teenager and not an adult. My parents don't allow me to use Tumblr or Instagram or anything like that… Does anyone have an idea where you can simply show people and write what you're doing?

Social networks, blogs & forums

YouTube comment?

ByZapperDark12 February 11, 2024February 23, 2025

Can you write comments on YouTube on a Samsung TV?

Operating systems & drivers

Linux Mint Cinnamon freezes on boot. What now?

ByMaxiKing62 December 20, 2024February 19, 2025

Yeah, like I said, it freezes. The stick is recognized. I start Linux Mint Cinnamon (I tried Viktoria and Wilma, both in the Edge version) and then after a few seconds the RGBs on my mouse and keyboard go out and nothing happens. I let it load for half an hour but nothing happens. The…

Online shopping

Why is fruugo shit?

Bylulululu945 January 15, 2025February 21, 2025

I've heard so many times that fruugo is crap and that you shouldn't order things from fruugo. But there's just so much cheap stuff on fruugo, and I'd like to order something from there. So can someone please tell me if fruugo really isn't any good, and if so, WHY? would be very nice thank…

Programming & Software development

Find a Minecraft plugin developer?

ByRewan11 June 26, 2024March 29, 2025

Hello, Does anyone know the best place to find a Minecraft plugin developer? e.g. a Discord server, a website or something like that Best regards, Rewan11

11 Answers

Oldest

Newest Most Voted

Inline Feedbacks

View all comments

Babelfish

4 months ago

No, that’s not enough. With your configuration, the connection from the client to cloudflare is secured via their certificate, but not the connection from cloudflare to your server.

Cloudflare provides free certificates for Origin server available that you can install there. They are valid for a long time (I believe 15 years) and therefore need not be renewed (often).

Then place the communication Total or strict and then it should fit. Then activate HTTPS in WordPress.

Author

Jeremy Edberg

4 months ago

Reply to Babelfish

So should I rather use the free certificates of Cloudflare and not Certbot with automatic renewal of Let’s encrypt certificates?

slaxxer

4 months ago

Reply to Jeremy Edberg

Remember to set up the rule for the subdomain in the CF dashboard

Author

Jeremy Edberg

4 months ago

Reply to Babelfish

If I go to the SSL/TLS menu from the domain in Cloudlfare, the following is available:
SSL/TLS encryption

Current encryption mode:

Flexible

The encryption mode was last changed 17 days ago.

Next automatic scan on: 11/20.

domain.de uses automatic SSL/TLS

Your encryption mode is set to the recommendation of Cloudflare. You can overwrite this by switching to “user-defined”.

Babelfish

4 months ago

Reply to Jeremy Edberg

And with Flexible Cloudflare writes:

…but all connections between cloudflare and your origin are made via HTTP.

As already said, this is not safe because all traffic between Cloudflare and your server is unencrypted.

Section Origin server you can have a certificate for your server and download it. If you have installed this, you can add the encryption to Fully and are on the safe side.

Author

Jeremy Edberg

4 months ago

Thanks, that worked, I didn’t think about it.

Babelfish

4 months ago

Then I don’t know what WordPress wants. Did you also set the URLs to https in WordPress under Settings → Generally?

Author

Jeremy Edberg

4 months ago

Yes, I did

Babelfish

4 months ago

always redirect to HTTPS

And as I have already written, you also have the setting for the SSL/TLS encryption mode in Cloudflare Flexible on Fully changed?

Author

Jeremy Edberg

4 months ago

I have everything like in this tutorial (https://www.orchidbox.com/insights/how-to-install-a-cloudflare-origin-certificate-on-your-apache-server/) made to redirect in cloudflare always to HTTPS, for always HTTPS use the WordPress Config and the .htaccess file adapted and restarted the server, but in WordPress I am still displayed in the website state that the website does not use HTTPS.

BeamerBen

4 months ago

As long as you secure the traffic between Cloudflare and your server with an internal cert, this is enough. But can use it as well as certbot.

When the traffic is clarified by cloudflare (not only DNA is running over cloudflare!) it has a valid certificate of cloudflare to the outside.

Similar Posts