CloudFlare is a great DNS and PROXY service and is our preferred DNS provider. But, it does require certain settings on each of your domain before SSL can be properly configured on your sites.

SSL/TLS Need To Be Set To FULL (STRICT) #

  • Login to Cloudflare and navigate to the SSL/TLS tab
  • Click on the OVERVIEW Tab
  • Make sure the SSL/TLS Encryption Mode is set to FULL (STRICT)

Turn off the “Always Use HTTPS” Option #

When your site is first created, it does not have an SSL certificate. So if this option is turned on at CloudFlare it will prevent any attempts to issue an SSL certificate because all validation requests to the site will be redirected to HTTPS – which is not yet configured on the site.

  • Login to Cloudflare and navigate to the SSL/TLS tab
  • Click on the EDGE CERTIFICATES Tab
  • Make sure the ALWAYS USE HTTPS option is turned off

Bot Fight Mode #

We recommend that you turn this off. When turned on it’s too aggressive and will prevent a lot of pages from being properly rendered for all but the simplest sites.

Page Rules #

Custom page rules are a common source of issues. If you have them and you’re running into issues, turn them off and see if the issues go away.

Other #

If you continue to have issues, double-check that you have only one “A” or “AAAA” record in your DNS. (It is possible to have multiple of these records that point to different IPs.)

More Topics In Tips, Techniques & Education. #