How to Use Let’s Encrypt with Cloudflare

Cloudflare is an excellent and well-known content delivery network. A CDN can increase site speed by utilizing Cloudflare’s global caching network to deliver content closer to a visitor’s location. You can also easily attach Cloudflare as an add-on product to your existing Liquid Web server, but there are some configurations to consider.

In this article, we will cover how to use Cloudflare in conjunction with Let’s Encrypt SSL. Cloudflare will act as the CDN while Let’s Encrypt performs the SSL (HTTPS) encryption (in lieu of Cloudflare’s Universal SSL). Let’s Encrypt is an amazing open service for creating free SSL certs for your site, and for this tutorial you should already have Let’s Encrypt installed on your server. While there are correct ways to use Cloudflare with Let’s Encrypt, there are also configuration settings that can cause connection errors. So, it’s important to know which options to select when setting these up.

Step 1: First, you will need a Cloudflare account and will need to generate a Let’s Encrypt x3 cert on your server.

Note:
Our Managed WooCommerce and Managed WordPress plans will automatically generate a valid Let’s Encrypt SSL cert for your primary domain set in the manager when your site goes live or if you rename your primary domain in the manager.

If an incorrect SSL mode is selected in Cloudflare, your site will not load and will instead display an invalid SSL cert error. This is a common error, and one that can be avoided to ensure that your customers have a positive and trusted experience with your site.

A key part is to make certain the correct SSL mode is set in Cloudflare since it offers a number of different SSL modes:

  • Off
  • Flexible SSL
  • Full SSL (Recommended Setting)
  • Full SSL (Strict)

Step 2: SSL Modes can be accessed from the Crypto section in the Cloudflare dashboard.

Now that you are in the Crypto settings, you will need to go through the specific settings below; these changes will take maybe 30 – 50 seconds to make.

Note:
When using Cloudflare, Cloudflare’s universal SSL is what browsers would see, unless you manually upload your own SSL certificate, which requires the $200/month business plan. Most customers will be fine with utilizing Cloudflare’s universal SSL.

Step 3: Select the domain you want to work with, then select the “Crypto” top menu option in Cloudflare. Under SSL, select Full. Scroll down to Always use HTTPS and set it to ON.

Step 4: On the HTTP Strict Transport Security (HSTS) section select Enable HSTS

You will need to select the “I understand” checkbox and click on the Next button.

Step 5: A pop-up box will appear; here you’ll set:

  • Max-Age: 3 months
  • Apply HSTS policy to subdomains (includeSubDomains): Off
  • Preload: Off

Now click Save

Step 6: Set Minimum TLS Version to TLS 1.2

Step 7: Opportunistic Encryption: ON

Step 8: TLS 1.3: Enabled

Step 9: Automatic HTTPS Rewrites: On

Step 10: Disable Universal SSL. By selecting this option, you are no longer using the Cloudflare Universal SSL certificate. You will only use SSLs stored on your server, in this case, Let’s Encrypt. Click “I understand” and select Confirm.
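
An added example, not part of the original article or Liquid Web's tooling: a drift check that compares a zone's settings, in the shape Cloudflare's zone settings API returns them, with the values from Steps 3 to 9. The sample response is constructed, the mapping of dashboard labels to API values ("Enabled" to "on", "3 months" to 7776000 seconds) is an assumption, and Step 10 (Universal SSL) is outside this check.

```python
import json

# Baseline from Steps 3-9 of the article. Keys are Cloudflare zone-setting ids;
# the dashboard-label-to-API-value mapping is an assumption.
BASELINE = {
    "ssl": "full",
    "always_use_https": "on",
    "min_tls_version": "1.2",
    "opportunistic_encryption": "on",
    "tls_1_3": "on",
    "automatic_https_rewrites": "on",
}
# Step 5 values; "3 months" is assumed to mean 90 days = 7776000 seconds.
HSTS_BASELINE = {"enabled": True, "max_age": 7776000,
                 "include_subdomains": False, "preload": False}

def audit_zone(settings_response):
    """Return sorted (setting, expected, actual) tuples for every drifted value."""
    body = json.loads(settings_response)
    actual = {item["id"]: item.get("value") for item in body.get("result", [])}
    drift = []
    for key, want in BASELINE.items():
        got = actual.get(key, "<missing>")
        if got != want:
            drift.append((key, want, got))
    header = actual.get("security_header")
    hsts = header.get("strict_transport_security", {}) if isinstance(header, dict) else {}
    for key, want in HSTS_BASELINE.items():
        got = hsts.get(key, "<missing>")
        if got != want:
            drift.append(("hsts." + key, want, got))
    return sorted(drift, key=lambda d: d[0])

# Constructed sample of a zone settings response (not captured from a real zone).
SAMPLE = json.dumps({"success": True, "result": [
    {"id": "ssl", "value": "flexible"},
    {"id": "always_use_https", "value": "on"},
    {"id": "min_tls_version", "value": "1.0"},
    {"id": "opportunistic_encryption", "value": "on"},
    {"id": "tls_1_3", "value": "on"},
    {"id": "automatic_https_rewrites", "value": "on"},
    {"id": "security_header", "value": {"strict_transport_security": {
        "enabled": True, "max_age": 7776000,
        "include_subdomains": True, "preload": False}}},
]})

if __name__ == "__main__":
    for setting, want, got in audit_zone(SAMPLE):
        print(f"DRIFT {setting}: expected {want!r}, found {got!r}")
```
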

These simple changes made in Cloudflare will help you to avoid any dreaded downtime when using Let’s Encrypt with Cloudflare, meaning that your customers can fully trust that their data is securely transferred with HTTPS through Let’s Encrypt.

Still need help setting up Cloudflare and Let’s Encrypt on your server? Reach out to us! Our Liquid Web servers come with 24/7 assistance from our knowledgeable support team. Get the support you deserve today!

Transfer an SSL to Ubuntu 16.04 or CentOS 7

SSL certificates have become a de facto part of every website. If you don’t yet have an SSL on your site to encrypt data, you should. Rather than showing an extra layer of security on sites protected by SSL, modern browsers instead now display a warning when a website does not have an SSL, essentially requiring sites to maintain their positive image.

When moving from one server to another, what needs to happen to your SSL to maintain your secure status? We’ll cover the basics for transferring traditional and Let’s Encrypt SSLs to Ubuntu 16.04 and CentOS 7.

Note:
This article will address SSLs in Apache specifically, but the same concepts apply to any service that supports SSL encryption.

Can SSLs be transferred between servers?

SSL vs TLS

You may have first heard about TLS because your Apache service needed to be secured using TLS for a PCI scan (Payment Card Industry: PCI scans are a standard to ensure server security for credit card transactions). Or maybe you noticed that your SSL also mentions TLS when you are ordering the certificate. Beyond where you heard the names, the question is, what is this mysterious TLS in relation to SSL and which of the two should you be using?

How to Configure Your Liquid Web VPN

Liquid Web offers a free Virtual Private Network (VPN) user with every account. A VPN uses encryption to secure your computer’s connection to the Internet and guarantees that all of the data you’re sending and receiving to the Liquid Web network is secured from any potential prying third parties.

Be security-minded.

A VPN will secure and encrypt inherently insecure communications (such as HTTP, FTP, SMTP, etc.) to the Liquid Web network, even while using an untrusted public network.

Who uses a VPN? People just like you.

The Professional: Whether working from a permanent home office, or simply getting a few important projects done from home, a VPN will provide secure access to files stored on your dedicated server.

Remote Developers: Do you have a fleet of remote WordPress, Joomla, PHP, Drupal, or other developers that need secure access to your hosting infrastructure? If so, a VPN is not only perfect, but should be required.

The World Traveler: Working on your top secret startup from abroad? Or perhaps uploading photos from your most recent adventure? Prevent snooping by using a VPN.

Once you’re logged into your Liquid Web Manage account, follow the steps below to create a VPN user and get connected!