Setting up site security/accelerator services like CloudFlare and Sucuri with Pagely
Last Updated -
Purpose
This article will discuss how to properly set up your WordPress Application hosted at Pagely with site security/accelerator services such as...
- CloudFlare
- SiteLock
- Sucuri
- Fastly
- Incapsula
How do I use Let's Encrypt at Pagely with these services?
The rule with any service that sits in front of your Pagely site is that you have to setup SSL there first before you setup SSL here at Pagely. SSLs at these services have many names, but underneath serve the same purpose.
Can I just use Let's Encrypt at Pagely?
The only scenario where this will work is if you stop using these services and point your site directly to Pagely. If you use one of these services with Let's Encrypt (or any certificate installed at Pagely), you must enable SSL there first.
For example at CloudFlare...
You'd have FLEXIBLE SSL enabled FIRST, then enable Let's Encrypt, or install your SSL cert at Pagely.
For example at Sucuri...
You'd have to enable PARTIAL_SSL in the Sucuri console as well as the option for "Forward Certificate Validation". You may need to contact Sucuri support for them to enable "Foward Certificate Validation" as well as provision a Let's Encrypt certificate for their services on your behalf.
If you are using both Cloudflare and Sucuri in combination, please refer to this Sucuri KB article for more information.
Once a Let's Encrypt certificate has been successfully generated and linked to your domain, you can go ahead and re-enabled "Full SSL" at both Cloudflare and Sucuri, however for Sucuri, leave the "Forward Certificate Validation" option enabled for the lifetime of the domain.
Can I just use the site security/accelerator service's SSL?
This should be fine. In general whatever is "in front" is the most important part of encryption.