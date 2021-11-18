I found this reply to a post I made on Cloudflare and is from a member of the Cloudflare team, it is quite helpful in understanding the Cloudflare SSL levels
"Hi, let me clarify the SSL levels for you.
So there is the Flexible level, which definitely falls into the “impression of security” category. It shows an HTTPS connection to the visitors, but Cloudflare will connect via plain HTTP to the origin.
Then there is the Full option (non-strict). Lots of users have expired or self-signed certificates on their origin and don’t want their sites to be down if they forget to update their certificate regularly. These certificates can still be used to encrypt data however. This means the data is fully encrypted, but any certificate would work and therefore certain attacks would still be possible.
The Full (Strict) option is the most secure, but requires you to keep your origin’s certificate valid and up to date at all times. You can use paid certificate authorities, but also free ones like LetsEncrypt or Cloudflare Origin CA. If the SSL certificate ever expires on your origin and if you don’t renew it in time, then your site might be down."
I was also told
“You should not have Full in the first place, so there’s no question to begin with. Install a certificate on your server and use Full strict.”
I hope this helps. Basically after much investigation I decided the free SSL from Cloudflare was not worth implementing, and was complicated. So I changed my Hosting to www.hostpresto.com because they offered so much for 6 - 10GBP per month as a package including free SSL, unlimited databases, unlimited bandwidth, unlimited storage 24 hour support and much more. I have been extremely happy ever since.