Cloudflare's SSL options have mixed compatibility with Rebrandly's built-in SSL encryption.
Understanding Cloudflare's SSL features
Cloudflare offers various SSL options, including the basic "SSL: Flexible." This setting routes HTTPS traffic through Cloudflare servers, but forwards data to Rebrandly in plain HTTP. While convenient, it's less secure and bypasses Rebrandly's built-in SSL certificates issued by Let's Encrypt.
Rebrandly's SSL capabilities
Rebrandly provides free, automatic SSL certificates for all branded domains, ensuring secure connections. However, these certificates conflict with Cloudflare's "Flexible" setting.
Optimizing security for advanced needs
If you need stricter security ("SSL: Full" or "SSL: Full (strict)"), we can't guarantee compatibility with Rebrandly due to missing HTTP support from Cloudflare.
Our team developed a custom balancing workaround for these scenarios. This requires a manual DNS configuration on your end.
We do not guarantee any long-term functionality of this proxy setup, as we have no control over changes Cloudflare may apply to its terms and conditions, technologies, validation algorithms and security concerns over time. Always check Cloudflare's latest documentation for details.
Access your Cloudflare dashboard: Navigate to the DNS section.
Create a CNAME record: Set the record name to your domain (e.g., "davide.link") and point it to "proxies.rebrandlydomain.com."
Verify the configuration: After saving, you should see "is an alias of proxies.rebrandlydomain.com."
This workaround leverages a long-term HTTPS address ("http://proxies.rebrandlydomain.com"). However, due to potential changes in Cloudflare's policies or technology, we cannot guarantee its functionality in the future.
When Cloudflare shows a challenge CAPTCHA, our validation system cannot read the content. To fix this, set up a WAF rule in Cloudflare that allows requests to the /.well-known/rebrandly path. Here's how to do it:
In your Cloudflare dashboard, navigate to the WAF/Security section
Create a new WAF rule using the manual expression editor
Use this expression for any hostname: (starts_with(http.request.uri.path, "/.well-known/rebrandly"))
Use this expression for a specific hostname: (http.host eq "example.com" and starts_with(http.request.uri.path, "/.well-known/rebrandly"))
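This will allow automated systems to access the specified path without triggering Cloudflare's CAPTCHA challenges. Both expressions match any path that begins with /.well-known/rebrandly, so use the hostname-specific expression if the zone serves other hostnames that should stay behind the challenge. See this Cloudflare community article for details.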
After implementing the workaround, thoroughly test your HTTPS links and report any issues to Rebrandly support.
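One way to check that the WAF rule took effect, as an added example that is not Rebrandly's own tooling: it requests the validation path over HTTPS and reports whether Cloudflare answered with a challenge, using the `cf-mitigated: challenge` response header Cloudflare sets on challenge pages. The script name, the User-Agent string, and the separate `http_error` outcome for other 4xx/5xx responses are assumptions of this example.

```python
import sys
import urllib.error
import urllib.request

VALIDATION_PATH = "/.well-known/rebrandly"  # path named in the article


def classify(status, headers):
    """Classify a response by status code and headers.

    'challenged' relies on the cf-mitigated: challenge header that Cloudflare
    sets on challenge pages; the body is never inspected.
    """
    lowered = {k.lower(): v.strip().lower() for k, v in headers.items()}
    if lowered.get("cf-mitigated") == "challenge":
        return "challenged"
    if status >= 400:
        return "http_error"
    return "ok"


def probe(host, path=VALIDATION_PATH, timeout=10):
    """Fetch https://host/path and return (status, classification)."""
    req = urllib.request.Request(
        f"https://{host}{path}",
        headers={"User-Agent": "validation-path-check/1.0"},  # constructed UA
    )
    try:
        with urllib.request.urlopen(req, timeout=timeout) as resp:
            status, headers = resp.status, dict(resp.headers.items())
    except urllib.error.HTTPError as err:
        # Challenge pages arrive as 4xx/5xx; their headers are still readable.
        status, headers = err.code, dict(err.headers.items())
    return status, classify(status, headers)


if __name__ == "__main__":
    if len(sys.argv) != 2:
        sys.exit("usage: check.py <branded-domain>")
    code, verdict = probe(sys.argv[1])
    print(f"{sys.argv[1]}{VALIDATION_PATH}: HTTP {code} -> {verdict}")
    sys.exit(0 if verdict != "challenged" else 1)
```

A `challenged` result means the WAF rule is not matching the request; an `http_error` result means the path was reached without a challenge but returned an error status, which is a separate issue to raise with support.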
By understanding Cloudflare's features and Rebrandly's capabilities, you can choose the best SSL configuration for your specific needs.
