Learn about Centmin Mod LEMP Stack today
Become a Member

Any downside to using centmin 22 with cloudflare flex SSL instead of Let's Encrypt ?

Discussion in 'Domains, DNS, Email & SSL Certificates' started by Benjamin74, Sep 18, 2017.

  1. Benjamin74

    Benjamin74 Member

    32
    2
    8
    May 2, 2016
    Ratings:
    +5
    Local Time:
    11:46 PM
    Hello folks,

    Since I'm not really skilled admin-wise I would like to "Keep It Simple Stupid" as much as possible.

    I'm really happy with my WP option 22 installs, works wonderfully. However I need a few WP installs to have SSL.

    Here is my question, hopefully someone can answer that one easily : is there any real downside to using CloudFlare "Flex" SSL instead of doing the full Let's Encrypt installation ?

    i.e.: is a simple WP option 22 + CloudFlare Flex SSL a pretty good setup or is it crappy / very limited and will cause problems later on ?

    Thanks a lot,

    Cheers,

    PS: in case you're wondering: I just need SSL because I have forms hosted on these sites and it'll soon become not user friendly to have forms without SSL.
     
  2. eva2000

    eva2000 Administrator Staff Member

    30,569
    6,854
    113
    May 24, 2014
    Brisbane, Australia
    Ratings:
    +10,274
    Local Time:
    8:46 AM
    Nginx 1.13.x
    MariaDB 5.5
    No downsides i can think of other than cloudflare free ssl is ECC 256bit ECDSA ssl certs so older clients/browsers and tools might not connect via HTTPS i.e. older versions of curl used in some OSes. If you move to cloudflare paid plans, they have RSA 2048bit SSL certs (also letsencrypt default) which has wider compatibility.
     
    • Like Like x 1
  3. Benjamin74

    Benjamin74 Member

    32
    2
    8
    May 2, 2016
    Ratings:
    +5
    Local Time:
    11:46 PM
    Awesome, thanks for clarifying that !!
     
  4. Benjamin74

    Benjamin74 Member

    32
    2
    8
    May 2, 2016
    Ratings:
    +5
    Local Time:
    11:46 PM
    Hummm, it seems like if I want to use CloudFlare flex SSL certificates I also need to have CloudFlare caching (which never made my CentMinMod sites faster...)

    It seems like a workaround would be to run a CRON job that make sure the website is always in development mode, since (apparently) the development mode let you have SSL but no caching.

    Cloudflare API documentation v4

    I'm wondering if anyone has tried that already ?

    Or am I the only one that has seen a speed decrease using CloudFlare compared to using CentMinMod alone (?)

    Cheers,

    PS: most of my visitors are within a 800 miles radius, so this could explain why in my case CloudFlare caching doesn't help at all.
     
  5. eva2000

    eva2000 Administrator Staff Member

    30,569
    6,854
    113
    May 24, 2014
    Brisbane, Australia
    Ratings:
    +10,274
    Local Time:
    8:46 AM
    Nginx 1.13.x
    MariaDB 5.5
    implemented cloudflare page rules for fine tuning caching ? how are you measuring speed ? test with webpagetest.org from various geographic locations

    Centmin Mod nginx ngx_pagespeed wouldn't work well with Cloudflare caching as ngx_pagespeed uses no-cache header which tells Cloudflare not to caching normally. So don't use ngx_pagespeed with Cloudflare.
     
  6. Benjamin74

    Benjamin74 Member

    32
    2
    8
    May 2, 2016
    Ratings:
    +5
    Local Time:
    11:46 PM
    I'm always using webpagetest.org but obviously since my visitors are pretty close to my server location (800 miles radius max) I guess CloudFlare doesn't help in that situation...

    Is ngx_pagespeed enabled by default ? I didn't think so (?) I'll have a look at that.

    Thanks for the pointers !
     
  7. eva2000

    eva2000 Administrator Staff Member

    30,569
    6,854
    113
    May 24, 2014
    Brisbane, Australia
    Ratings:
    +10,274
    Local Time:
    8:46 AM
    Nginx 1.13.x
    MariaDB 5.5