Using SSL with CloudFlare - Avoiding 520 errors
CloudFlare is a CDN service that sits between visitors to your website and our web server. When CloudFlare receives an HTTPS request, it must request the content from our servers. By default, and for best security, CloudFlare will make the proxy request to our servers using HTTPS and will expect to get a reply from our server that is correctly signed by a recognised certificate authority.
That is to say, you must also have an SSL certificate installed on your Krystal cPanel account for the domain in question.
You can do one of two things:
Option 1 - Change CloudFlare's SSL settings to FLEXIBLE and use a self-signed SSL certificate from the Krystal server
Log into CloudFlare and select Websites from the top menu. Then, find your website in the list below, and click on the little cog icon at the far right (as shown).
Scroll down to the SSL section, and click the dropdown control to see the three settings as shown. Choose Flexible SSL. That's it. The changes may take some time to take effect. The requests from CloudFlare to our server will still be encrypted, but CloudFlare will not be able to establish the identity of our server. This is better than nothing. Whilst a man-in-the-middle attack could be mounted, it would be extremely difficult and would have to be mounted at some point on the internet's backbone in one of the datacentres between CloudFlare and Krystal. That is highly unlikely, but possible nonetheless.
Option 2 - Install a full SSL certificate on your Krystal cPanel account for the domain in question
Leave CloudFlare set to Full SSL and either supply us with the private key, the signed SSL certificate, and any chain certificates as THREE SEPARATE FILES, or purchase an SSL certificate from us for the domain, and we will install it for you.
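
Before sending the three files for Option 2, you can check them locally. The script below is an added example, not part of the original article or a Krystal tool: the function name `check_origin_bundle`, the file names and the optional `TRUST_ROOTS` argument are assumptions, and the hostname check goes slightly beyond the CA-signature requirement described above. It assumes an unencrypted private key and the `openssl` command-line tool.

```bash
#!/usr/bin/env bash
# Added example: pre-flight check for the three separate PEM files.
# Usage: check_origin_bundle KEY CERT CHAIN HOSTNAME [TRUST_ROOTS]
# TRUST_ROOTS is optional (assumption: omit it to use the system CA store).
# Returns 0 = OK, 1 = file layout, 2 = key/cert mismatch, 3 = chain or hostname.
check_origin_bundle() {
    local key=$1 cert=$2 chain=$3 host=$4 roots=${5:-}
    local n key_pub crt_pub

    # 1. Three separate files: one leaf certificate, no key mixed into it.
    grep -q -e 'PRIVATE KEY-----' "$key" || { echo "FAIL: $key holds no private key"; return 1; }
    n=$(grep -c -e '-----BEGIN CERTIFICATE-----' "$cert" || true)
    [ "$n" -eq 1 ] || { echo "FAIL: $cert must hold exactly one certificate, found $n"; return 1; }
    if grep -q -e 'PRIVATE KEY-----' "$cert" "$chain"; then
        echo "FAIL: private key found inside a certificate file"; return 1
    fi

    # 2. The private key must belong to the certificate (compare public keys).
    key_pub=$(openssl pkey -in "$key" -passin pass: -pubout 2>/dev/null) ||
        { echo "FAIL: cannot read $key (encrypted or damaged?)"; return 2; }
    crt_pub=$(openssl x509 -in "$cert" -noout -pubkey 2>/dev/null) ||
        { echo "FAIL: cannot read $cert"; return 2; }
    [ "$key_pub" = "$crt_pub" ] || { echo "FAIL: key does not match certificate"; return 2; }

    # 3. Certificate must chain to a trusted CA, be in date, and cover HOSTNAME.
    #    A self-signed certificate fails here.
    if ! openssl verify ${roots:+-CAfile "$roots"} -untrusted "$chain" \
            -verify_hostname "$host" "$cert" >/dev/null 2>&1; then
        echo "FAIL: $cert does not validate for $host"; return 3
    fi
    echo "OK: key, certificate and chain are consistent for $host"
}

# Run directly: ./check.sh domain.key domain.crt chain.pem example.com
if [ "$#" -ge 4 ]; then check_origin_bundle "$@"; fi
```

A return code of 3 on a certificate you generated yourself is expected: that is the self-signed case from Option 1.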