Cloudflare SSL vs Letsencrypt

Dr. McKay

Well-known member
Joined
Nov 26, 2016
Messages
343
Best answers
0
Ratings
22
Points
18
#1
I read threads on this forum and everyone is recommending using free SSL from Cloudflare and Letsencrypt but I don't know what service is better and why? any one gives me an advice.
 

Localnode

Moderator
Staff Member
Joined
Dec 15, 2015
Messages
253
Best answers
0
Ratings
73 1
Points
28
#2
On a security standpoint - they are the same.
Which one you choose is ultimately up to you - I'd say going with CloudFlare is easier - and has the advantage of also being a CDN. However, if your host uses cPanel and has enabled AutoSSL - going with Let'sEncrypt is just as easy (but no CDN).
 

HostBastic

Well-known member
Joined
Nov 17, 2016
Messages
316
Best answers
1
Ratings
39 2
Points
28
#3
Letsencrypt is defently more secure than Cloudflares, the reason for that is CloudFlare not being a real SSL/TLS and it wont provide the intended TLS security.

If you wish to read why Cloudflare SSL is not secure: Cloudflare SSL Problem
 

Dr. McKay

Well-known member
Joined
Nov 26, 2016
Messages
343
Best answers
0
Ratings
22
Points
18
#4
On a security standpoint - they are the same.
Which one you choose is ultimately up to you - I'd say going with CloudFlare is easier - and has the advantage of also being a CDN. However, if your host uses cPanel and has enabled AutoSSL - going with Let'sEncrypt is just as easy (but no CDN).
Easier for configuring and setting up? If I am using Cloudflare, it should use SSL from them?
Can I use Let'sEncrypt while still using Let'sEncrypt?

Letsencrypt is defently more secure than Cloudflares, the reason for that is CloudFlare not being a real SSL/TLS and it wont provide the intended TLS security.

If you wish to read why Cloudflare SSL is not secure: Cloudflare SSL Problem
Definitely Cloudflare is having problems, can I install Letsencrypt from SSH? I read it can enable by some clicks in cPanel or other hosting panels.
 

Localnode

Moderator
Staff Member
Joined
Dec 15, 2015
Messages
253
Best answers
0
Ratings
73 1
Points
28
#5
Easier for configuring and setting up? If I am using Cloudflare, it should use SSL from them?
You can use their SSL. They have other options, though.


Definitely Cloudflare is having problems, can I install Letsencrypt from SSH? I read it can enable by some clicks in cPanel or other hosting panels.
See this guide: https://letsencrypt.org/getting-started/
If your host uses cPanel and has it updated will have AutoSSL, which has the ability to be Let's Encrypt issued. You're best off contacting your host.
 

HostBastic

Well-known member
Joined
Nov 17, 2016
Messages
316
Best answers
1
Ratings
39 2
Points
28
#6
If I am using Cloudflare, it should use SSL from them?
If you are going to use Cloudflare just use them as a CDN.


Definitely Cloudflare is having problems, can I install Letsencrypt from SSH? I read it can enable by some clicks in cPanel or other hosting panels.
Some providers offer the option of a shared free SSL such as Comodo,symantec, etc,.. for their shared hosting accounts, which would be a better option than a free self-signed SSL. If your hosting provider doesn't offer Letsencrypt its better to contact them or buy a cheap Positive SSL for around 10$/year.
 

austenite

Well-known member
Joined
Feb 15, 2017
Messages
98
Best answers
0
Ratings
9 1
Points
8
#7
LetsEncrypt is a real SSL that encrypts traffic between your site and your server, giving your visitors privacy.

Cloudflare SSL is a certificate that you share with lots of other websites, it will encrypt traffic between your site and cloudflare but it's then unencrypted when it hits the cloudflare network. If you also have an SSL certificate installed on your site it'll then be encrypted again and sent to the server, if not then the request is sent directly to the server.
 

Lampard

Active member
Joined
Jan 28, 2017
Messages
80
Best answers
0
Ratings
2
Points
8
#8
I have seen that Lets Encrypt SSL is used by so many website, now you even have the one click ssl lets encrypt installer, so i would say that Lets Encrypt is best, easy to configure.
 

LarsJ

Active member
Joined
Sep 19, 2016
Messages
75
Best answers
0
Ratings
9
Points
8
#10
I don't see why that would cause conflicts on your site...
Also, for Cpanel hosted accounts, once you enable their AutoSSL websites are automatically secured with the Domain Validated SSL certificate. https://blog.cpanel.com/autossl/
 

Dr. McKay

Well-known member
Joined
Nov 26, 2016
Messages
343
Best answers
0
Ratings
22
Points
18
#11
If you are going to use Cloudflare just use them as a CDN.
This telling that you are suggesting not use SSL from Cloudflare?

Some providers offer the option of a shared free SSL such as Comodo,symantec, etc,.. for their shared hosting accounts, which would be a better option than a free self-signed SSL. If your hosting provider doesn't offer Letsencrypt its better to contact them or buy a cheap Positive SSL for around 10$/year.
Why type of hosting providers that Letsencrypt doesn't work on? I think it depends on my using hosting control panel.
 
Joined
Feb 17, 2017
Messages
51
Best answers
0
Ratings
8
Points
0
#12
We have been using Lets encrypt SSL and no hard work at all. It going fine with all cpanel users and automatically renew after the grace period ends. I'm not confident with cloudflare ssl may be I am more comfortable with what cpanel provides.

:eek:
 

PeterH88

New member
Joined
Mar 19, 2017
Messages
8
Best answers
0
Points
0
#14
While Let's Encrypt looks like a really good and simple solution for SSL, CloudFlare has the advantage of being a Content Delivery Network which should come with the advantage of speeding up the forum a bit.
 

Sam_NH

New member
Joined
Mar 26, 2017
Messages
5
Best answers
0
Points
0
#15
Sam_NH
Does the CloudFlare come on the free plan, would be interested to know. And also I think we should say RIP to Let's Encrypt as browsers are soon to notice the free SSL - I say Google will be the pioneers of this.
 

rankmyhub

Well-known member
Joined
Feb 14, 2017
Messages
191
Best answers
0
Ratings
18
Points
0
#16
Hey there, LetsEncrypt SSLs are high-grade SSL certificates that pass https://www.ssllabs.com/ssltest/ standards. If you have letsencrypt ssl that is installed perfectly you will get a+ grade domain validates SSL. This is more than enough and it also work seamlessly with http2 and other latest protocols and http strict transport protocol.

On the other hand cloudflare is not completely end to end encrypted. IT gives flexible ssl , full ssl and origin pull ssl. In these options only felxible ssl is 1 click. And easy to setup for normal users, other methods need technical knowledge and most users cannot install origin pull certificates, because they do not know how to setup it properly.

Now, flexible ssl enrypts traffic only in between your users browsers and cloudflare. But end to end encytpion means, user<->cloudflare<->yoursever all traffic must pass in enrcypted layer. So, cloudflare is not preferable to use for SSL from security point of view. Another thing is there are lots of issues with cloudflare

1. If you use cloudflare dns and cdn and ssl then https://yourdomain.com/cpanel will result in broken interface. As cloudflare caching does not work properly with cpanel.
2. In some countries or regions, cloudflare servers are not optimal (free plan) and they perfom much slow than your original server.
3. Felixble SSL does not encrypt end to end communication, so man in the middle attacks are still possible
4. Cloudflare offer shared SSL certificates in free user plan, so its not as good ad they paid plan SSL.
5. If you are wordpress user and looking to optimize for Google page speed score, you will find it difficult to use plugins like w3tc and cloudflare in combination with https..seems to not work as expected as per our testing.

If you have letsencrypt ssl installation offered by your web hosting company. Use letsencrypt and enjoy the best security for free.

Thanks
 

VirtuBox

Global Mod
Staff Member
Joined
May 3, 2016
Messages
1,517
Best answers
4
Ratings
392 12
Points
83
#17
Now, flexible ssl enrypts traffic only in between your users browsers and cloudflare. But end to end encytpion means, user<->cloudflare<->yoursever all traffic must pass in enrcypted layer. So, cloudflare is not preferable to use for SSL from security point of view. Another thing is there are lots of issues with cloudflare
With Cloudflare full or full (strict) SSL , you have a complete end to end encryption. Flexible SSL should be used only for testing purposes.

Cloudflare offer shared SSL certificates in free user plan, so its not as good ad they paid plan SSL.
The only difference between shared SSL and paid plans is the domain associated with the SSL certificate. But it doesn't have any impact on the security. All my websites score A+ at ssllabs.com with Cloudflare SSL.

If you are wordpress user and looking to optimize for Google page speed score, you will find it difficult to use plugins like w3tc and cloudflare in combination with https..seems to not work as expected as per our testing.
Just don't use w3tc... With Cloudflare you can easily set the Browser cache expiration of all your assets and you just have to use a plugin like autoptimize to minify your css and js.

The only reason to choose Let's Encrypt instead of Cloudflare SSL is if you need to be PCI Compliant to process Credit Card payment, because Cloudflare free plans doesn't use only TLS 1.2.
 

rankmyhub

Well-known member
Joined
Feb 14, 2017
Messages
191
Best answers
0
Ratings
18
Points
0
#18
With Cloudflare full or full (strict) SSL , you have a complete end to end encryption. Flexible SSL should be used only for testing purposes.
Yes, you are right, but normal users who are not technically knowledged enough to install self signed ssl at server end and then enable full (strict) mode on cloudflare end.They may not be able to setup that strict ssl part. So that is my point, its the ease of use, that matters to users at the end of the day and your point is valid.

Just don't use w3tc... With Cloudflare you can easily set the Browser cache expiration of all your assets and you just have to use a plugin like autoptimize to minify your css and js.
W3TC is needed not just for caching alone, but also for database caching, fragment caching redis and some other stuff, so cloudflare does not work when user need to use w3tc and cloudflare together.

There will be some people who will want to get 100/100 score on page speed insghts, then in that case with cloudflare its not possible. As assets are not in our control. Where as if we do not use cloudflare we can achive this 100/100 score and we did already once.

So this is like special case and may not apply to everyone, but from majority of peoples view, for them using w3tc is more important due to various reasons. All in all cloudflare as free service is doing its job, but letsencrypt adds more compitability with things. So my vote goes for letsencrypt in this case.

Thank you.

Lets see what the thread opener says.
 
Last edited:

VirtuBox

Global Mod
Staff Member
Joined
May 3, 2016
Messages
1,517
Best answers
4
Ratings
392 12
Points
83
#19
Yes, you are right, but normal users who are not technically knowledged enough to install self signed ssl at server end and then enable full (strict) mode on cloudflare end.They may not be able to setup that strict ssl part. So that is my point, its the ease of use, that matters to users at the end of the day and your point is valid.
If users can install letsencrypt certificates, they can easily install Cloudflare SSL full.


W3TC is needed not just for caching alone, but also for database caching, fragment caching redis and some other stuff, so cloudflare does not work when user need to use w3tc and cloudflare together.

There will be some people who will want to get 100/100 score on page speed insghts, then in that case with cloudflare its not possible. As assets are not in our control. Where as if we do not use cloudflare we can achive this 100/100 score and we did already once.

So this is like special case and may not apply to everyone, but from majority of peoples view, for them using w3tc is more important due to various reasons. All in all cloudflare as free service is doing its job, but letsencrypt adds more compitability with things. So my vote goes for letsencrypt in this case.
There are several other plugins for database or object cache, especially if you are using redis : Redis-Object-Cache
And you can score 100 on pagespeed insights with Cloudflare :

 
Joined
Mar 30, 2017
Messages
16
Best answers
0
Ratings
2
Points
0
#20
You can install cloudflare SSL easily and it's best also. Let's encrypt also pretty much awesome
 
Joined
Jun 19, 2017
Messages
50
Best answers
0
Points
6
#24
Let's Encrypt!!
 

overcast

Well-known member
Joined
Jun 27, 2017
Messages
88
Best answers
0
Ratings
2
Points
0
#25
Let's assume you are in scenario of free SSL. In such case compared to Cloudflare, you are better off with the Let's encrypt. Because the free plans have their SSL limitations with cloudflare. And for this reason you can make use of the Let's encrypt SSL. You get everything that is being offered by the Cloudflare and even more. You can try cloudflare and if you don't find it useful enough, you can switch to Let's encrypt in Cpanel.
 
Latest Threads
Replies
0
Views
1
Replies
0
Views
9
Replies
0
Views
9
Replies
2
Views
38
Replies
4
Views
21
Recommended Threads
Replies
3
Views
1,229
Replies
16
Views
1,718
Replies
1
Views
716
Replies
0
Views
1,100
Replies
9
Views
1,431

Latest postsNew threads

Latest Hosting OffersNew Reviews

Sponsors

Latest Blog ArticlesMost Viewed Threads

Tag Cloud

You are using an out of date browser. It may not display this or other websites correctly.
You should upgrade or use an alternative browser.

Top