ISPA Winner 2018 16 Years of Krystal

Web Hosting

Please find below our list of Web Hosting guides to help with your hosting account.

Using SSL with CloudFlare - Avoiding 520 errors

This article was posted in: Web Hosting

CloudFlare is a CDN service that sites between visitors to your website and our web server. When CloudFlare receives a https request, it must request the content from our servers. By default, and for best security, CloudFlare will make the proxy request to our servers using https and will expect to get a reply from our server that is correctly signed by a recognised certificate authority.

That is to say, you must also have an SSL certificate installed on your Krystal cPanel account for the domain in question.

You can do two things

Option 1 - Change CloudFlare's SSL settings to FLEXIBLE and use selfsigned SSL from Krystal server

Log into CloudFlare and select Websites from the top menu. Then, find your website in the list below, and click on the little cog icon at the far right (as shown).

Scroll down to the SSL section, and click the dropdown control to see the three settings as shown. Choose Flexible SSL. That's it. The changes may take some time to take effect. The requests from CloudFlare to our server will still be encrypted, but CloudFlare will not be able to establish the identity of our server. This is better than nothing. Whilst a man in the middle attack could be mounted, it would be extremely difficult and would have to be mounted at some point on the internet's backbone in one of the datacentres between CloudFlare and Krystal - highly unlikely (but possible nonetheless).

Option 2 - Install a full SSL certificate on your Krystal cPanel account for the domain in question

Leave CloudFlare set to Full SSL and either supply us with the private key, signed SSL, and any chain certificates as THREE SEPARATE FILES, or purchase an SSL from us for the domain, and we will install it for you.