Custom Certificate
Learning Focus
By the end of this lesson you will know when to use a custom CA certificate instead of Cloudflare Origin CA.
When to Use a Custom Certificate
- You need the site to be accessible directly (without the Cloudflare proxy)
- Your organization requires certificates from a specific CA
- You run services on the same server that are not behind Cloudflare
Options
| CA | Cost | Validity | Renewal |
|---|---|---|---|
| Let's Encrypt | Free | 90 days | Auto (certbot) |
| DigiCert | Paid | 1-2 years | Manual |
| Sectigo | Paid | 1-2 years | Manual |
| ZeroSSL | Free | 90 days | Auto |
Key Takeaways
- Use custom certificates when you need direct browser trust outside Cloudflare.
- Let's Encrypt is the most common free alternative with automatic renewal.
- Custom certificates work with Cloudflare's Full (Strict) mode if they cover the correct domain.
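
The "cover the correct domain" condition is where custom certificates most often fail, usually because a wildcard covers fewer names than expected. The following is an added example, not part of the original lesson: a pre-deployment check that compares a certificate's subject alternative names (SANs) and expiry date against the hostnames the origin serves. The function names, the 30-day renewal window, and the sample data are assumptions made for illustration, and the check covers hostname matching and expiry only, not chain trust.

```python
from datetime import datetime, timedelta, timezone


def san_matches(pattern: str, hostname: str) -> bool:
    """RFC 6125-style match: a wildcard is accepted only as the whole
    left-most label and stands for exactly one label."""
    p = pattern.lower().rstrip(".").split(".")
    h = hostname.lower().rstrip(".").split(".")
    if len(p) != len(h):
        return False  # "*.example.com" covers neither "example.com" nor "a.b.example.com"
    if p[0] == "*":
        # Conservative choice: require two labels after the wildcard, so "*.com" never matches.
        return len(p) >= 3 and h[0] != "" and p[1:] == h[1:]
    return p == h


def check_origin_cert(sans, not_after, hostnames, now,
                      renew_window=timedelta(days=30)):
    """Return a list of problems; an empty list means every hostname is
    covered and the certificate is not close to expiry."""
    problems = []
    for host in hostnames:
        if not any(san_matches(s, host) for s in sans):
            problems.append(f"{host}: not covered by any SAN")
    if not_after <= now:
        problems.append("certificate has expired")
    elif not_after - now < renew_window:
        problems.append(f"expires in {(not_after - now).days} days; renew now")
    return problems


# Constructed sample data: SANs and expiry as they would be read from a certificate.
NOW = datetime(2024, 6, 1, tzinfo=timezone.utc)
SANS = ["example.com", "*.example.com"]
NOT_AFTER = datetime(2024, 6, 20, tzinfo=timezone.utc)
HOSTS = ["example.com", "www.example.com", "api.eu.example.com"]

if __name__ == "__main__":
    for problem in check_origin_cert(SANS, NOT_AFTER, HOSTS, NOW):
        print(problem)
```

With 90-day certificates, running a check like this on a schedule catches a failed automatic renewal before the certificate expires.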
What's Next
- Continue to Let's Encrypt for free automated certificates.