Help with SSL Encryption


#1

I’m currently trying to set up my first Ghost blog through the 1-Click app at DigitalOcean and I have a question regarding SSL encryption.

During the Ghost installation process (Ghost-CLI), HTTPS gets automatically set up though Let’s Encrypt. However, I would like to use a Cloudflare account for DNS settings and SSL encryption.

Once the Ghost setup was done, I redirected my IP to my Cloudflare and domain. At that point, blog was not accessible through my domain as I would get a redirect error (it worked when accessing through the IP address though). I went into the encryption settings inside my Cloudflare account and changed the settings from ‘Flexible’ to ‘Full’. That seemed to work and make my site accessible.

Here’s my question: Will the SSL certificate ‘overwrites’ itself with Cloudflare’s even after installing Let’s Encrypt? Or is there a better way to do this? I hope my question makes sense, I’m very new at this.


#2

I think the information you’re looking for can be found on this post :slight_smile:


#3

Thanks a lot for your reply!

I am not sure if I understand everything. Are you saying that we should keep both Let’s Encrypt and CloudFlare SSL? Also, what is the difference between Full and Full (strict)? Which one would you recommend?


#4

Yes, you need both LE and CF SSL enabled if you want connections to your site to be fully secure :slight_smile:

Here’s a breakdown of the CF SSL Options:

I use Full (Strict) 99% of the time :slight_smile:


#5

Thank you very much, you’ve been very helpful! :grinning:


#6

I have another question if you don’t mind :slight_smile: During the installation of Ghost (through DigitalOcean’s 1-Click app, I noticed that this message comes up during the setup:

Once complete, you are encouraged to run mysql_secure_installation to ready your server for production.

Do I need to do something? Or does the 1-Click app do everything for me?


#7

I’m not entirely sure, I haven’t run a set up via the 1-click installation :confused:


#8

Ok no problem. Do you know why setting to “Full” works but setting it to “Full (Strict)” sends to a Bad Getaway error?


#9

This topic was automatically closed 14 days after the last reply. New replies are no longer allowed.