AutoSSL with Cloudflare

With cPanel offering autossl to provide any site with DNS that points to the server with a free SSL this has been great for many domains, however many people use CloudFlare as a caching service and the proxy aspect of their service the IP of the site no longer points to the server and thus will not process the request properly for the DCV verification. Just recently cPanel did add in the option for DNS verification, but the bulk many people this will not be a seamless option for them and the text file verification will be still for a long time to come the AutoSSL main verification method. This will work for either type of SSL support in cPanel, cPanle/Comodo and Letsencrypt.

In Cloudflare you will need to make these changes:

On the Crypto Tab (padlock icon) set:

Always use HTTPS OFF

Redirect all requests with scheme “http” to “https”. This applies to all http requests to the zone.

Then under Page Rules (funnel icon) you will need to add 2 rules the first being one of the following:

For cPanel/Comodo:

http://*domain.com/.well-known/pki-validation/*

SSL: off

Automatic HTTPS rewrites: off

For Letsencrypt:

http://domain.com/.well-known/acme-challenge/

SSL: off

Automatic HTTPS rewrites: off

The next rule is:

http://domain.com/

Always use HTTPS

The first rule you will chose depending on which system you are on, by default this will be cPanel/Comodo. However many people do enable Letsencrypt as it can issue a SSL very quickly. The first part is the path for the DCV text file they make. Then it will disable the SSL support and keep it from rewriting as well. This will allow it to properly read the site when it has no SSL added yet. The second rule then re-enables SSL support.

This would need to be done for each domain you own and run under Cloudflare. This will allow you to run Cloudflare in Full Strict SSL support as both ends will have a valid working SSL for use with the domain.