Skip to content
Visit SSL on GitHub
Set theme to dark (⇧+D)

Enable Universal SSL

Authoritative (Full) domains

For an authoritative or full domain — domains that changed their domain nameservers – Universal SSL requires two steps:

  1. Once you change your domain nameservers, your domain should receive its Universal SSL certificate within 24 hours.
  2. Your SSL/TLS mode defaults to Flexible, which encrypts traffic between a site visitor and Cloudflare (but not Cloudflare and your origin server). To encrypt traffic between Cloudflare and your origin server, see SSL modes and Origin CA certificates.

Non-authoritative (Partial) domains

For non-authoritative or partial domains (domains on a CNAME setup), Universal SSL will be: