2.15.1.1.4. Install SSL from Cloudflare

To correctly configure an SSL certificate when using Cloudflare, you must do the following:

1. Connect your domain to Cloudflare (if not connected).
2. Configure SSL/TLS in the Cloudflare control panel and obtain a certificate for hosting.
3. Install the obtained certificate on the hosting.

1. Log in to the Cloudflare site.
2. On the Cloudflare control panel home page, click on your domain:
3. In the "SSL/TLS → Overview" section, click "Configure":
4. Select "Full (strict)" and save your changes:Description of available encryption modes:
   • "Full (strict)" (recommended) — encryption between the client, Cloudflare, and the hosting (on the hosting, a secure Cloudflare certificate is installed).
   • "Full" — encryption between the client, Cloudflare, and the hosting (on the hosting, a less secure self-signed certificate is installed).
   • "Flexible" — encryption only between the client and Cloudflare; traffic between Cloudflare and the hosting provider is not encrypted (no certificate installation is required on the hosting's side, but all redirects to HTTPS must be disabled in the hosting's settings and on the site).
   • "Off (not secure)" — no encryption.
5. In the "SSL/TLS → Origin server" section, click "Create Certificate":
6. Select "Generate private key and CSR with Cloudflare", "RSA (2048)", the addresses for which the certificate will be valid, the certificate's expiration date, and click "Create":
7. Wait until the certificate is created, select "PEM", copy the certificate and private key data, and save them (for example, paste and save them in separate text files named certificate.crt and private.key; the file names and extensions can be anything you like):
8. Install the obtained certificate on the hosting.