Let's Encrypt with Cloudflare
Learning Focus
By the end of this lesson you will understand when Let's Encrypt is a good choice for Full (Strict) and the tradeoffs vs Cloudflare Origin CA.
When to Use Let's Encrypt
- You want the site accessible both through and without Cloudflare
- You need certificates trusted by all browsers directly
- You prefer industry-standard certificates
Comparison
| Feature | Cloudflare Origin CA | Let's Encrypt |
|---|---|---|
| Browser trust | Only via Cloudflare | Universal |
| Validity | Up to 15 years | 90 days |
| Renewal | Not needed | Auto (certbot) |
| Direct access | ❌ Untrusted | ✅ Works everywhere |
| Setup complexity | Lower | Slightly higher (certbot) |
Setup Reference
See Let's Encrypt Integration for full certbot installation and configuration steps.
Key Takeaways
- Let's Encrypt provides universal browser trust but requires auto-renewal every 90 days.
- Cloudflare Origin CA is simpler if traffic always flows through Cloudflare.
- Both work with Full (Strict) mode.
What's Next
- Return to Certificate Options overview.