Well, for one thing, if there is an issue with CF certs, your site would still be functional with LE certs. So, there's that. The downside (as is correctly pointed out in the guide) is that you could have a problem with LE and never really know it once CF certs are enforced. They're going to always show as published certs with Strict setting to my understanding.
To clarify - after one makes sure that their LE certs are being generated appropriately (by first having CF Proxy turned off while starting up the docker-compose, ensuring LE can generate, valid acme.json, etc.), you turn on your CF Proxy again (i.e. orange cloud). When you do so, are your client-side certificates relegated back to CF-generated ones as opposed to your LE ones?
I'm scratching my head here - I can't seem to find a solution whereby I have CF Proxy turned ON, with SSL/TLS turned to Full (Strict), and still seeing LE certificates client-side. They always get overridden by CF certificates, which makes me wonder as to why we go through the process of generating LE certs in the first place.
Can someone shed some light here? I've spent all day messing with CF SSL/TLS configs to try and get CF Proxy turned on while still utilizing LE certs...
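With the proxy on, visitors are served the certificate from Cloudflare's edge, so the origin's LE certificate can only be inspected by connecting to the origin directly. The following is an added example, not part of the original thread: it validates the origin certificate the way a strict chain-and-hostname check would and reports issuer and days to expiry, which covers the silent LE failure mentioned in the reply. The IP address, hostname, 21-day threshold and sample certificate are constructed assumptions, and the origin is assumed reachable on port 443 from where the check runs.

```python
import socket
import ssl
import time


def fetch_origin_cert(origin_ip, hostname, port=443, timeout=5.0):
    """Connect straight to the origin (bypassing the proxy) and return its
    certificate. Raises ssl.SSLCertVerificationError if the chain, the
    hostname or the validity period fails verification."""
    ctx = ssl.create_default_context()  # verifies chain and hostname
    with socket.create_connection((origin_ip, port), timeout=timeout) as sock:
        # SNI and hostname check use the site name, not the IP we dialled.
        with ctx.wrap_socket(sock, server_hostname=hostname) as tls:
            return tls.getpeercert()


def _name_field(name, key):
    """Pull one attribute out of the nested tuples getpeercert() returns."""
    for rdn in name:
        for k, v in rdn:
            if k == key:
                return v
    return None


def summarize(cert, now=None, warn_days=21):
    """Report issuer and remaining lifetime. warn_days is an assumed
    threshold: a 90-day certificate this close to expiry suggests that
    automatic renewal has stopped working."""
    now = time.time() if now is None else now
    expires = ssl.cert_time_to_seconds(cert["notAfter"])
    days_left = int((expires - now) // 86400)
    return {
        "issuer": _name_field(cert.get("issuer", ()), "organizationName"),
        "days_left": days_left,
        "renewal_overdue": days_left < warn_days,
    }


# Constructed sample in the shape getpeercert() returns (not real data).
SAMPLE_CERT = {
    "subject": ((("commonName", "example.com"),),),
    "issuer": ((("countryName", "US"),),
               (("organizationName", "Let's Encrypt"),)),
    "notAfter": "Mar 31 00:00:00 2024 GMT",
}

if __name__ == "__main__":
    # Placeholder origin address and hostname; replace with your own.
    print(summarize(fetch_origin_cert("203.0.113.10", "example.com")))
```
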