Help with SSL Encryption

I’m currently trying to set up my first Ghost blog through the 1-Click app at DigitalOcean and I have a question regarding SSL encryption.

During the Ghost installation process (Ghost-CLI), HTTPS gets automatically set up though Let’s Encrypt. However, I would like to use a Cloudflare account for DNS settings and SSL encryption.

Once the Ghost setup was done, I redirected my IP to my Cloudflare and domain. At that point, blog was not accessible through my domain as I would get a redirect error (it worked when accessing through the IP address though). I went into the encryption settings inside my Cloudflare account and changed the settings from ‘Flexible’ to ‘Full’. That seemed to work and make my site accessible.

Here’s my question: Will the SSL certificate ‘overwrites’ itself with Cloudflare’s even after installing Let’s Encrypt? Or is there a better way to do this? I hope my question makes sense, I’m very new at this.

I think the information you’re looking for can be found on this post :slight_smile:

Thanks a lot for your reply!

I am not sure if I understand everything. Are you saying that we should keep both Let’s Encrypt and CloudFlare SSL? Also, what is the difference between Full and Full (strict)? Which one would you recommend?

Yes, you need both LE and CF SSL enabled if you want connections to your site to be fully secure :slight_smile:

Here’s a breakdown of the CF SSL Options:

I use Full (Strict) 99% of the time :slight_smile:

Thank you very much, you’ve been very helpful! :grinning:

1 Like

I have another question if you don’t mind :slight_smile: During the installation of Ghost (through DigitalOcean’s 1-Click app, I noticed that this message comes up during the setup:

Once complete, you are encouraged to run mysql_secure_installation to ready your server for production.

Do I need to do something? Or does the 1-Click app do everything for me?

I’m not entirely sure, I haven’t run a set up via the 1-click installation :confused:

Ok no problem. Do you know why setting to “Full” works but setting it to “Full (Strict)” sends to a Bad Getaway error?

This topic was automatically closed 14 days after the last reply. New replies are no longer allowed.