How to Configure SSL Certificates with Cloudflare: A Shared Hosting Guide
Description
This comprehensive guide will help you configure SSL certificates correctly when your domain uses Cloudflare DNS with Brixly shared hosting. We’ll cover step-by-step instructions, best practices, common pitfalls, and troubleshooting—all tailored for customers with basic technical knowledge.
Table of Contents
- Introduction
- Understanding Cloudflare SSL Modes
- Step-by-Step Guide: Setting Up SSL with Cloudflare
- Troubleshooting & Common Issues
- Best Practices
- FAQ
Introduction
Using Cloudflare as your DNS provider offers many benefits—including DDoS protection and fast global CDN—but it can introduce confusion when securing your website with SSL/TLS. This article explains how to correctly set up SSL certificates for websites on Brixly shared hosting when you use Cloudflare DNS.
Understanding Cloudflare SSL Modes
Cloudflare offers four SSL modes. For most shared hosting customers, Full or Full (Strict) are recommended.
SSL Mode | Description | Recommended? |
---|---|---|
Off | No SSL between Cloudflare and your site (not secure) | ❌ Not recommended |
Flexible | SSL between visitor & Cloudflare only (not secure end-to-end) | ❌ Not recommended |
Full | SSL between visitor & Cloudflare and Cloudflare & your hosting (a self-signed certificate is accepted) | ✅ Acceptable |
Full (Strict) | SSL everywhere; Cloudflare requires a valid certificate on your hosting (recommended) | ✅ Best practice |
**Note:** Always aim for Full (Strict) if your hosting provides a valid SSL certificate.
Step-by-Step Guide: Setting Up SSL with Cloudflare
1. Prepare Your Domain for Cloudflare
Before making any DNS changes, ensure:
- Your website is already set up and working on Brixly shared hosting.
- You can log in to your cPanel.
2. Point Your Domain to Cloudflare
- Sign up for a Cloudflare account.
- Add your domain to Cloudflare and follow the wizard.
- Cloudflare will detect your existing DNS records—confirm they match those in cPanel (especially A, CNAME, and MX records).
- Cloudflare will display new nameservers to use. Update your domain’s nameservers at your registrar to the Cloudflare values.
**Example:** If your registrar is Namecheap, update the nameservers in your Namecheap dashboard.
3. Configure SSL Settings in Cloudflare
- In the Cloudflare dashboard, go to the SSL/TLS section.
- Set the SSL mode to Full (Strict) if your site already has a valid SSL certificate. Otherwise, use Full.
- Leave “Always Use HTTPS” off for now (we’ll enable it after SSL is working).
4. Issue an SSL Certificate in cPanel
You must ensure your hosting still issues an SSL certificate, even though Cloudflare proxies traffic.
Important:
Cloudflare’s orange cloud icon means your proxy is on. This can block cPanel’s AutoSSL from validating your site.
**Solution:** Temporarily pause or “grey cloud” (DNS-only mode) your main domain and www in Cloudflare while issuing the certificate.
Steps:
- Log in to Cloudflare:
  - Go to the “DNS” tab.
  - Click the orange cloud next to your main domain and www to turn it grey (DNS only).
- Log in to cPanel:
  - Go to SSL/TLS Status or Let’s Encrypt™ SSL (depends on your hosting panel).
  - Click Run AutoSSL or Issue Certificate for your domain.
  - Wait a few minutes for the certificate to be issued.
- Return to Cloudflare:
  - Turn the clouds back to orange to re-enable proxy.
Example Screenshot
Record Type | Name | Proxy Status |
---|---|---|
A | yourdomain.com | :grey_cloud: DNS Only (during SSL issue) |
CNAME | www | :grey_cloud: DNS Only (during SSL issue) |
5. Test and Verify Your SSL
- Visit your website: https://yourdomain.com. The browser should show “secure” (padlock icon).
- Use SSL Labs SSL Test to check certificate validity.
- If all is well, enable “Always Use HTTPS” and “Automatic HTTPS Rewrites” in Cloudflare for best results.
Troubleshooting & Common Issues
SSL Certificate Won’t Issue
- **AutoSSL fails with DNS errors:** Make sure Cloudflare proxy is off (grey cloud) during certificate issuance.
- **Error: No valid certificate found on origin:** Re-run AutoSSL in cPanel after disabling Cloudflare proxy.
Redirect Loops
- Cloudflare “Flexible” mode is enabled while your hosting forces HTTPS. Solution: Use Full (Strict) mode and ensure your hosting has a valid SSL.
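To confirm a redirect loop before changing modes, the following added example (not code from Brixly or Cloudflare) follows a URL's redirects one hop at a time and reports whether they loop. The function names and the two constructed sample sites are assumptions for illustration; call `trace_redirects` without `fetch` to test a live domain.

```python
import http.client
from urllib.parse import urlsplit, urljoin

REDIRECTS = (301, 302, 303, 307, 308)

def http_head(url):
    """One HEAD request, redirects not followed: returns (status, Location)."""
    parts = urlsplit(url)
    https = parts.scheme == "https"
    conn_cls = http.client.HTTPSConnection if https else http.client.HTTPConnection
    conn = conn_cls(parts.netloc, timeout=10)
    try:
        target = (parts.path or "/") + ("?" + parts.query if parts.query else "")
        conn.request("HEAD", target)
        resp = conn.getresponse()
        return resp.status, resp.getheader("Location")
    finally:
        conn.close()

def trace_redirects(url, fetch=http_head, max_hops=10):
    """Return (chain, verdict); verdict is 'ok', 'loop' or 'too many redirects'."""
    chain, seen = [], set()
    while len(chain) < max_hops:
        if url in seen:
            return chain, "loop"  # same URL requested twice: the browser never lands
        seen.add(url)
        status, location = fetch(url)
        chain.append((url, status))
        if status not in REDIRECTS or not location:
            return chain, "ok"
        url = urljoin(url, location)
    return chain, "too many redirects"

# Constructed stand-ins for a live site, so the example runs offline.
def flexible_site(url):
    # Flexible: the origin only ever sees plain HTTP, so its "force HTTPS"
    # rule answers every request with a redirect to the https:// URL.
    return 301, "https://yourdomain.com/"

def full_strict_site(url):
    # Full (Strict): an https:// request reaches the origin over HTTPS.
    if url.startswith("https://"):
        return 200, None
    return 301, "https://yourdomain.com/"

if __name__ == "__main__":
    for site in (flexible_site, full_strict_site):
        print(site.__name__, trace_redirects("http://yourdomain.com/", fetch=site))
```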
Mixed Content Warnings
- Some images or scripts still use http:// URLs. Solution: Enable “Automatic HTTPS Rewrites” in Cloudflare, and update your site’s links to use https://.
Best Practices
- Always use Full (Strict) mode for security.
- Re-issue SSL certificates when adding new subdomains.
- Keep DNS records in Cloudflare up to date with cPanel.
- After SSL works, enable both “Always Use HTTPS” and “Automatic HTTPS Rewrites” in Cloudflare.
- Use cPanel File Manager or FTP to update site links/images to https://.
FAQ
**Q: Do I need to buy an SSL certificate if I use Cloudflare?**
A: No, you can use the free SSL provided by your hosting (AutoSSL/Let’s Encrypt) and Cloudflare’s free SSL.
**Q: Can I leave Cloudflare proxy enabled while issuing SSL?**
A: No, you must temporarily disable the proxy (grey cloud) so AutoSSL can validate your domain.
**Q: My site says “Deceptive Site Ahead” or “Insecure.”**
A: Check that your SSL certificate is valid and you are not using Cloudflare’s “Flexible” mode.
For further issues, please consult our support articles or submit a support ticket—our team is here to help!