
CloudFlare SSL Configuration Guide for Wordify

This guide outlines the recommended CloudFlare SSL settings for compatibility with Wordify's hosting infrastructure and Let's Encrypt.

Written by Nick
Updated today

This guide outlines the recommended CloudFlare SSL/TLS settings for optimal compatibility with Wordify's hosting infrastructure and Let's Encrypt certificate management.

1 Recommended Settings Summary

For the best experience with Wordify, configure your CloudFlare SSL/TLS settings as follows:

  • SSL/TLS Encryption Mode: Full

  • Always Use HTTPS: Enabled

  • Automatic SSL/TLS: Disabled (use manual configuration)

2 SSL/TLS Encryption Mode: Full (Recommended)

2.1 Configuration Steps

  1. Log into your CloudFlare dashboard

  2. Navigate to SSL/TLS → Overview

  3. Set your encryption mode to Full

2.2 Why We Recommend Full Over Full (Strict)

Full mode encrypts traffic between CloudFlare and your Wordify origin server, even if the origin certificate is self-signed, expired, or otherwise invalid. This provides several advantages:

  • Continuous Protection: Your site remains encrypted and accessible even during certificate renewal issues

  • Let's Encrypt Compatibility: Eliminates potential downtime during the Let's Encrypt certificate issuance or renewal process

  • Automatic Recovery: Sites continue to function normally while certificate issues are resolved in the background

Full (Strict) mode validates the origin server's certificate in addition to encrypting the connection. While more secure in theory, it can cause service interruptions if:

  • Let's Encrypt certificate renewal fails

  • There are temporary certificate validation issues

  • Origin certificates expire unexpectedly

Since Wordify manages SSL certificates automatically through Let's Encrypt, Full mode provides the optimal balance of security and reliability for production websites.

3 Always Use HTTPS: Enabled

3.1 Configuration Steps

  1. In CloudFlare dashboard, go to SSL/TLS → Edge Certificates

  2. Enable Always Use HTTPS

3.2 Compatibility with Let's Encrypt

Enabling "Always Use HTTPS" is fully compatible with Let's Encrypt certificate validation on Wordify. This is particularly important because Let's Encrypt uses the HTTP-01 challenge method for domain validation.

CloudFlare Documentation Note:

"This process does not impact certificate validation. If you use HTTP DCV, you can still enable Always Use HTTPS."

Technical Background:

  • Let's Encrypt validates domain ownership using HTTP-01 challenges

  • This process requires accessing /.well-known/acme-challenge/ paths via HTTP (not HTTPS)

  • CloudFlare's "Always Use HTTPS" intelligently allows these validation requests while redirecting regular visitor traffic to HTTPS

How it works:

  • CloudFlare automatically redirects HTTP requests to HTTPS for visitors

  • Let's Encrypt HTTP-01 validation requests can still reach your Wordify origin server via HTTP when needed

  • The certificate validation process operates independently of the visitor-facing HTTPS redirect

This setting ensures all your website traffic is encrypted while maintaining seamless certificate management.

4 Why Avoid Automatic SSL/TLS Mode

While CloudFlare's Automatic SSL/TLS mode might seem convenient, it's not recommended for Wordify sites due to its limitations:

4.1 The Problem with Automatic Mode

CloudFlare's Automatic SSL/TLS mode has a critical limitation that can affect site availability:

CloudFlare Documentation Note:

"Automatic SSL/TLS will not change your setting to a less secure encryption mode. For example, if your origin certificate expires, the encryption mode will not change from Full (strict) to Full. You must ensure the validity of your origin SSL/TLS configuration at all times."

4.2 Potential Issues

  • No Automatic Fallback: If set to Full (Strict) and your origin certificate expires, Automatic mode won't switch to Full mode

  • Service Interruption: Your site could become inaccessible until certificate issues are manually resolved

  • No Self-Healing: Unlike manual Full mode, Automatic mode doesn't gracefully handle temporary certificate problems

4.3 Recommended Approach

Instead of relying on Automatic mode:

  1. Manually set your encryption mode to Full

  2. Enable Always Use HTTPS

  3. Let Wordify handle certificate management through Let's Encrypt

  4. Enjoy uninterrupted service even during certificate renewal cycles

5 Additional Considerations

5.1 Certificate Renewal Process

  • Wordify automatically manages Let's Encrypt certificate renewals

  • With Full mode, your site remains accessible during the entire renewal process

  • No manual intervention required from your side

5.2 Monitoring and Troubleshooting

  • Monitor your site's SSL status through CloudFlare's SSL/TLS dashboard

  • If you experience any SSL-related issues, verify your encryption mode is set to Full

  • Contact Wordify support if certificate issues persist beyond normal renewal periods
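
Because Full mode keeps serving the site when the origin certificate is expired or self-signed, the dashboard check above can be backed up by probing the origin directly. The following is an added example, not Wordify's or CloudFlare's code: it handshakes with the origin and validates its certificate as a strict client would. The origin IP, hostname and 14-day threshold are placeholders, and validation uses the system trust store, which fits Let's Encrypt certificates.

```python
import socket
import ssl
import time

WARN_DAYS = 14  # assumed alert threshold, not a Wordify or CloudFlare value


def classify(verify_error, not_after, now=None):
    """Turn a handshake result into (status, detail).

    verify_error: OpenSSL verification message, or None if the chain verified.
    not_after:    certificate notAfter string, e.g. 'Jun 15 12:00:00 2030 GMT'.
    """
    if verify_error is not None:
        # Full mode still proxies to this origin; Full (Strict) would not.
        return ("INVALID", verify_error)
    now = time.time() if now is None else now
    days_left = int((ssl.cert_time_to_seconds(not_after) - now) // 86400)
    if days_left < WARN_DAYS:
        return ("EXPIRING", f"{days_left} days left")
    return ("OK", f"{days_left} days left")


def probe_origin(origin_ip, hostname, port=443, timeout=5.0):
    """Handshake with the origin directly (not via CloudFlare), validating the
    certificate against the system trust store and the site hostname.
    Network errors (refused, timeout) are left to propagate to the caller."""
    ctx = ssl.create_default_context()  # CERT_REQUIRED + hostname checking
    try:
        with socket.create_connection((origin_ip, port), timeout=timeout) as raw:
            # SNI carries the site hostname even though we dial the origin IP.
            with ctx.wrap_socket(raw, server_hostname=hostname) as tls:
                return classify(None, tls.getpeercert()["notAfter"])
    except ssl.SSLCertVerificationError as exc:
        return classify(exc.verify_message, None)


if __name__ == "__main__":
    # Placeholder address (TEST-NET-3) and hostname; substitute your own.
    print(probe_origin("203.0.113.10", "www.example.com"))
```

Run it on a schedule from a host that is allowed to reach the origin, and alert on any status other than OK.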

5.3 Security Note

Full mode doesn't validate origin certificates, so CloudFlare does not verify the identity of the server it connects to, but the connection between CloudFlare and your origin server is still encrypted. Combined with CloudFlare's edge security features, this configuration provides robust protection for your website visitors.

6 Summary

By following these recommended settings, you ensure:

  • Encrypted connections for all website visitors

  • Seamless compatibility with Let's Encrypt certificate management

  • Minimal risk of SSL-related service interruptions

  • Optimal performance and reliability for your Wordify-hosted website

For additional support with SSL configuration, please contact our technical support team.
