Skip to content
Visit SSL on GitHub
Set theme to dark (⇧+D)

Enable Universal SSL

Authoritative (Full) domains

For an authoritative or full domain — domains that changed their domain nameservers – Universal SSL requires two steps:

  1. Once you change your domain nameservers, your domain should receive its Universal SSL certificate within 24 hours. For more technical details, see Validating.
  2. Your SSL/TLS mode defaults to Flexible, which encrypts traffic between a site visitor and Cloudflare (but not Cloudflare and your origin server). To encrypt traffic between Cloudflare and your origin server, see SSL modes and Origin CA certificates.

Non-authoritative (Partial) domains

For non-authoritative or partial domains (domains on a CNAME setup), see our support article.

For additional info about changing your Domain Control Validation method, see Change DCV method.