Cloudflare vs Letsencrypt

WordPress users can encrypt their website traffic for free using Cloudflare or Let’s Encrypt. Why use SSL? When Google, the search engine giant, announced that HTTPS is a ranking signal and major browsers started showing warning messages to users when they opened insecure websites i.e. HTTP only sites, there was no option for webmasters but to encrypt the website’s traffic using SSL/TLS. You can buy a Secure Sockets Layer certificate for cheap or use free Secure Sockets Layer certificates.

Before free Secure Sockets Layer certificates were introduced, website owners/admins purchased an SSL certificate from organizations such as DigiCert, GlobalSign, Namecheap, etc. The companies are still selling the certificate, but their Secure Sockets Layer cert business might have been badly affected.

Some of the largest internet companies back Let’s Encrypt. Cloudflare is considered to be an excellent alternative to Let’s Encrypt.

Let’s Encrypt


The Let’s Encrypt Secure Sockets Layer certificate was introduced in 2016. Within six years, it has become a leading Certificate Authority globally. According to Wikipedia, over 265 million websites use it instead of paid Secure Sockets Layer certificates.

Some hosts provide a one-click HTTPS activation tool. This tool will set up a Let’s Encrypt certificate on your site automatically. It will also let you redirect the traffic from HTTP to HTTPS. If you’re an unmanaged hosting service user, you have to install the Let’s Encrypt certificate manually. Let’s Encrypt developers have launched a tool called Certbot for this task. Certbot is an interactive command-line tool that can enable its SSL on the server, redirect HTTP URLs to HTTPS, etc.

Certbot reads the Nginx/Apache configuration file and shows a list of domains for which you want to install the certificate. One certificate will be used for all websites hosted on the server. Once the domains are displayed in the console, you must select the domains for which you want to enable the SSL certificate. You’ll be asked whether you want to redirect the domains to HTTPS or not. The validity of the Secure Sockets Layer certificate installed by the Certbot is 90 days. Once the certificate expires or is due to expire, you can renew it with Certbot. Why is renewal important? If the certificate’s validity expires, you’ll see an error while browsing the HTTS-enabled website.

If your server hosts a single site, the Secure Sockets Layer certificate will have only one domain. If you’re hosting several sites, all sites will share the same certificate.


Cloudflare SSL

Cloudflare, one of the largest CDN companies, introduced universal SSL in 2014. It issues certificates from one of these CAs – Let’s Encrypt, GlobalSign, DigiCert, and Comodo. It is relatively easy to set up SSL with CF, no matter what hosting service you’re using. The method to activate a Secure Sockets Layer certificate is the same for managed and unmanaged hosting service users.

To activate the CF SSL certificate, log in to the CF dashboard and choose the domain for which you want to activate HTTPS. Now, click the SSL TLS option and choose the encryption mode you want CF to use for your site. You can select one of these three encryption modes – Flexible, Full, and Full (Strict).

According to Cloudflare, Flexible mode encrypts the traffic between the CF server and the browser. The Full mode encrypts the end-to-end traffic with a self-signed Secure Sockets Layer certificate. Full Strict mode requires a CA-signed certificate on your server.

Cloudflare functions as a reverse proxy and caches the pages of your site on its servers. The communication between your server and its servers isn’t encrypted unless you’ve activated SSL for your site before activating the CF Secure Sockets Layer certificate.

Plugins: You won’t find Let’s crypt plugins in the WordPress repository, but you will discover some Cloudflare SSL plugins.

Not shared: Unlike Let’s Encrypt, which uses the same certificate for multiple sites, Cloudflare issues a different certificate to each domain.

Renewal: If you’re a user of an unmanaged website hosting service and unless you’ve set up a cronjob to renew the SSL certificate before its expiry date, you’ll have to renew the certificate manually. Cloudflare, on the other hand, will automatically renew your certificate.

GUI: In some cases, you have to install a Let’s Encrypt certificate manually. You don’t have to learn anything to do so. On the Cerbot website, you can generate a tutorial on installing Secure Sockets Layer certificates. To see the tutorial, you must choose the web server and operating system. You can enable SSL for your site with a few clicks of a button with Cloudflare.

Expiry: CF certificates expire after a year, while Let’s Encrypt has a validity of 90 days only. You’ll get Secure Sockets Layer certificate renewal reminder emails in your inbox.

Ease of use: Enabling a Cloudflare SSL certificate for a new site is easy. Let’s Encrypt users who don’t use cPanel must add a domain to the certificate manually with Certbot.

Support: Both organizations have very active support forums where people discuss various issues related to Secure Sockets Layer. The questions are often answered by experts.

Setup time: Your site will be SSL-ready with Cloudflare in no time. If the hosting company doesn’t provide a one-click HTTPS option in the hosting control panel, you must set up Let’s encrypt manually.

Finally, you can use both at the same time i.e. You can use Let’s Encrypt to encrypt the traffic from your server to the Cloudflare server and Secure Sockets Layer for encrypting the traffic between the website visitor’s browser and the CF CDN servers.

Closing words: Secure Sockets Layer certificate is now used on most sites you’ll find online. SSL/HTTPS is a sign of trust. To enable HTTPS, a user should install a Secure Sockets Layer certificate on the server. If you were using a paid SSL solution for your site and no longer want to use it, you can switch to Cloudflare or Let’s Encrypt. If your site is HTTP only, you can use Let’s Encrypt or Cloudflare to enable HTTPS.


Pramod is the founder of wptls. He has been using WordPress for more than nine years. He builds web applications, and writes about his experiences with various WP products on this site.

Leave a Reply

Your email address will not be published. Required fields are marked *