Cloudflare SSL vs Letsencrypt

I read threads on this forum and everyone is recommending using free SSL from Cloudflare and Letsencrypt but I don't know what service is better and why? any one gives me an advice.

On a security standpoint - they are the same.
Which one you choose is ultimately up to you - I'd say going with CloudFlare is easier - and has the advantage of also being a CDN. However, if your host uses cPanel and has enabled AutoSSL - going with Let'sEncrypt is just as easy (but no CDN).

Letsencrypt is defently more secure than Cloudflares, the reason for that is CloudFlare not being a real SSL/TLS and it wont provide the intended TLS security.

If you wish to read why Cloudflare SSL is not secure: Cloudflare SSL Problem

Localnode said:

On a security standpoint - they are the same.
Which one you choose is ultimately up to you - I'd say going with CloudFlare is easier - and has the advantage of also being a CDN. However, if your host uses cPanel and has enabled AutoSSL - going with Let'sEncrypt is just as easy (but no CDN).

Click to expand...

Easier for configuring and setting up? If I am using Cloudflare, it should use SSL from them?
Can I use Let'sEncrypt while still using Let'sEncrypt?

HostBastic said:

Letsencrypt is defently more secure than Cloudflares, the reason for that is CloudFlare not being a real SSL/TLS and it wont provide the intended TLS security.

If you wish to read why Cloudflare SSL is not secure: Cloudflare SSL Problem

Click to expand...

Definitely Cloudflare is having problems, can I install Letsencrypt from SSH? I read it can enable by some clicks in cPanel or other hosting panels.

Dr. McKay said:

Easier for configuring and setting up? If I am using Cloudflare, it should use SSL from them?

Click to expand...

You can use their SSL. They have other options, though.

Dr. McKay said:

Definitely Cloudflare is having problems, can I install Letsencrypt from SSH? I read it can enable by some clicks in cPanel or other hosting panels.

Click to expand...

See this guide: https://letsencrypt.org/getting-started/
If your host uses cPanel and has it updated will have AutoSSL, which has the ability to be Let's Encrypt issued. You're best off contacting your host.

Dr. McKay said:

If I am using Cloudflare, it should use SSL from them?

Click to expand...

If you are going to use Cloudflare just use them as a CDN.

Dr. McKay said:

Definitely Cloudflare is having problems, can I install Letsencrypt from SSH? I read it can enable by some clicks in cPanel or other hosting panels.

Click to expand...

Some providers offer the option of a shared free SSL such as Comodo,symantec, etc,.. for their shared hosting accounts, which would be a better option than a free self-signed SSL. If your hosting provider doesn't offer Letsencrypt its better to contact them or buy a cheap Positive SSL for around 10$/year.

LetsEncrypt is a real SSL that encrypts traffic between your site and your server, giving your visitors privacy.

Cloudflare SSL is a certificate that you share with lots of other websites, it will encrypt traffic between your site and cloudflare but it's then unencrypted when it hits the cloudflare network. If you also have an SSL certificate installed on your site it'll then be encrypted again and sent to the server, if not then the request is sent directly to the server.

I have seen that Lets Encrypt SSL is used by so many website, now you even have the one click ssl lets encrypt installer, so i would say that Lets Encrypt is best, easy to configure.

I don't see why that would cause conflicts on your site...
Also, for Cpanel hosted accounts, once you enable their AutoSSL websites are automatically secured with the Domain Validated SSL certificate. https://blog.cpanel.com/autossl/

HostBastic said:

If you are going to use Cloudflare just use them as a CDN.

Click to expand...

This telling that you are suggesting not use SSL from Cloudflare?

HostBastic said:

Some providers offer the option of a shared free SSL such as Comodo,symantec, etc,.. for their shared hosting accounts, which would be a better option than a free self-signed SSL. If your hosting provider doesn't offer Letsencrypt its better to contact them or buy a cheap Positive SSL for around 10$/year.

Click to expand...

Why type of hosting providers that Letsencrypt doesn't work on? I think it depends on my using hosting control panel.

We have been using Lets encrypt SSL and no hard work at all. It going fine with all cpanel users and automatically renew after the grace period ends. I'm not confident with cloudflare ssl may be I am more comfortable with what cpanel provides.

I have not tried LetsEncrypt, but I am using cloudflare and their Free Certificate. I am happy as till now dont have any issues.

While Let's Encrypt looks like a really good and simple solution for SSL, CloudFlare has the advantage of being a Content Delivery Network which should come with the advantage of speeding up the forum a bit.

Hey there, LetsEncrypt SSLs are high-grade SSL certificates that pass https://www.ssllabs.com/ssltest/ standards. If you have letsencrypt ssl that is installed perfectly you will get a+ grade domain validates SSL. This is more than enough and it also work seamlessly with http2 and other latest protocols and http strict transport protocol.

On the other hand cloudflare is not completely end to end encrypted. IT gives flexible ssl , full ssl and origin pull ssl. In these options only felxible ssl is 1 click. And easy to setup for normal users, other methods need technical knowledge and most users cannot install origin pull certificates, because they do not know how to setup it properly.

Now, flexible ssl enrypts traffic only in between your users browsers and cloudflare. But end to end encytpion means, user<->cloudflare<->yoursever all traffic must pass in enrcypted layer. So, cloudflare is not preferable to use for SSL from security point of view. Another thing is there are lots of issues with cloudflare

1. If you use cloudflare dns and cdn and ssl then https://yourdomain.com/cpanel will result in broken interface. As cloudflare caching does not work properly with cpanel.
2. In some countries or regions, cloudflare servers are not optimal (free plan) and they perfom much slow than your original server.
3. Felixble SSL does not encrypt end to end communication, so man in the middle attacks are still possible
4. Cloudflare offer shared SSL certificates in free user plan, so its not as good ad they paid plan SSL.
5. If you are wordpress user and looking to optimize for Google page speed score, you will find it difficult to use plugins like w3tc and cloudflare in combination with https..seems to not work as expected as per our testing.

If you have letsencrypt ssl installation offered by your web hosting company. Use letsencrypt and enjoy the best security for free.

Thanks

rankmyhub said:

Now, flexible ssl enrypts traffic only in between your users browsers and cloudflare. But end to end encytpion means, user<->cloudflare<->yoursever all traffic must pass in enrcypted layer. So, cloudflare is not preferable to use for SSL from security point of view. Another thing is there are lots of issues with cloudflare

Click to expand...

With Cloudflare full or full (strict) SSL , you have a complete end to end encryption. Flexible SSL should be used only for testing purposes.

Cloudflare offer shared SSL certificates in free user plan, so its not as good ad they paid plan SSL.

Click to expand...

The only difference between shared SSL and paid plans is the domain associated with the SSL certificate. But it doesn't have any impact on the security. All my websites score A+ at ssllabs.com with Cloudflare SSL.

If you are wordpress user and looking to optimize for Google page speed score, you will find it difficult to use plugins like w3tc and cloudflare in combination with https..seems to not work as expected as per our testing.

Click to expand...

Just don't use w3tc... With Cloudflare you can easily set the Browser cache expiration of all your assets and you just have to use a plugin like autoptimize to minify your css and js.

The only reason to choose Let's Encrypt instead of Cloudflare SSL is if you need to be PCI Compliant to process Credit Card payment, because Cloudflare free plans doesn't use only TLS 1.2.

VirtuBox said:

With Cloudflare full or full (strict) SSL , you have a complete end to end encryption. Flexible SSL should be used only for testing purposes.

Click to expand...

Yes, you are right, but normal users who are not technically knowledged enough to install self signed ssl at server end and then enable full (strict) mode on cloudflare end.They may not be able to setup that strict ssl part. So that is my point, its the ease of use, that matters to users at the end of the day and your point is valid.

VirtuBox said:

Just don't use w3tc... With Cloudflare you can easily set the Browser cache expiration of all your assets and you just have to use a plugin like autoptimize to minify your css and js.

Click to expand...

W3TC is needed not just for caching alone, but also for database caching, fragment caching redis and some other stuff, so cloudflare does not work when user need to use w3tc and cloudflare together.

There will be some people who will want to get 100/100 score on page speed insghts, then in that case with cloudflare its not possible. As assets are not in our control. Where as if we do not use cloudflare we can achive this 100/100 score and we did already once.

So this is like special case and may not apply to everyone, but from majority of peoples view, for them using w3tc is more important due to various reasons. All in all cloudflare as free service is doing its job, but letsencrypt adds more compitability with things. So my vote goes for letsencrypt in this case.

Thank you.

Lets see what the thread opener says.

rankmyhub said:

Yes, you are right, but normal users who are not technically knowledged enough to install self signed ssl at server end and then enable full (strict) mode on cloudflare end.They may not be able to setup that strict ssl part. So that is my point, its the ease of use, that matters to users at the end of the day and your point is valid.

Click to expand...

If users can install letsencrypt certificates, they can easily install Cloudflare SSL full.

W3TC is needed not just for caching alone, but also for database caching, fragment caching redis and some other stuff, so cloudflare does not work when user need to use w3tc and cloudflare together.

There will be some people who will want to get 100/100 score on page speed insghts, then in that case with cloudflare its not possible. As assets are not in our control. Where as if we do not use cloudflare we can achive this 100/100 score and we did already once.

So this is like special case and may not apply to everyone, but from majority of peoples view, for them using w3tc is more important due to various reasons. All in all cloudflare as free service is doing its job, but letsencrypt adds more compitability with things. So my vote goes for letsencrypt in this case.

Click to expand...

There are several other plugins for database or object cache, especially if you are using redis : Redis-Object-Cache
And you can score 100 on pagespeed insights with Cloudflare :

You can install cloudflare SSL easily and it's best also. Let's encrypt also pretty much awesome

Let's Encrypt!!

Let's assume you are in scenario of free SSL. In such case compared to Cloudflare, you are better off with the Let's encrypt. Because the free plans have their SSL limitations with cloudflare. And for this reason you can make use of the Let's encrypt SSL. You get everything that is being offered by the Cloudflare and even more. You can try cloudflare and if you don't find it useful enough, you can switch to Let's encrypt in Cpanel.