Choosing the Right SSL Configuration for Your Rebrandly Links
When managing branded links, security and efficiency are both crucial. This article explores CloudFlare's SSL options and their compatibility with Rebrandly's built-in SSL encryption. We'll also provide a workaround for users who require CloudFlare's higher security settings ("SSL: Full" or "SSL: Full (strict)").
Understanding CloudFlare's SSL Features:
CloudFlare offers various SSL options, including the basic "SSL: Flexible." This setting routes HTTPS traffic through CloudFlare servers, but forwards data to Rebrandly in plain HTTP. While convenient, it bypasses Rebrandly's built-in SSL certificates issued by Let's Encrypt.
Rebrandly's SSL Capabilities:
Rebrandly provides free, automatic SSL certificates for all branded domains, ensuring secure connections. However, these certificates conflict with CloudFlare's "Flexible" setting.
Optimizing Security for Advanced Needs:
For users requiring stricter security ("SSL: Full" or "SSL: Full (strict)"), Rebrandly cannot guarantee compatibility due to missing HTTP support from CloudFlare. Here's a workaround:
- Custom Balancing with CNAME Record:
Our team developed a custom balancing solution for these scenarios. This requires a manual DNS configuration on your end.
- Access your CloudFlare dashboard: Navigate to the DNS section.
- Create a CNAME record: Set the record name to your domain (e.g., "davide.link") and point it to "proxies.rebrandlydomain.com."
- Verify the configuration: After saving, you should see "is an alias of proxies.rebrandlydomain.com."
Important Note:
This workaround leverages a long-term HTTPS address ("http://proxies.rebrandlydomain.com"). However, we cannot guarantee its functionality in the future due to potential changes in CloudFlare's policies or technology.
Testing and Support:
After implementing the workaround, thoroughly test your HTTPS links and report any issues to Rebrandly support.
By understanding CloudFlare's features and Rebrandly's capabilities, you can choose the best SSL configuration for your specific needs.
DISCLAIMER: We do not guarantee any long-term functionality of this proxy setup, as we have no control over changes CloudFlare service may apply to its terms and conditions, technologies, validation algorithms and security concerns over time.
This Article is About:
- DNS Configuration
- CloudFlare DNS Configuration
- Rebrandly SSL Certificates
See Also:
Comments
6 comments
Unfortunately, this did not work for me. However, I added in Cloudflare an A record for my subdomain pointing to 52.72.49.79 (as instructed on this page) and set the proxy status to "DNS only." It seems to be working now.
Hi Heather,
could I ask you to open a ticket on our support for managing your issue?
We will assist you with any issue.
You can do it into your dashboard or writing an e-mail to support [at] rebrandly [.]com
I have a couple of questions here...I could just ask directly on a ticket request, but might be useful for clarity overall:
First, when you are putting 'davide.link' here, are you referring to
-
a subdomain of the subdoman, e.g. little.links.yourwebsite
or
- the chosen subdomain alone, e.g. links
or
- the chosen subdomain and site, e.g. links.yourwebsite.com
or
- the chosen domain, e.g. yourwebsite.com
or...
Thanks,
2) Is it correct that if you are setting this up on Cloudflare, which presumably you would be, that whether Cloudflare is your Registrar or otherwise, you must make sure that the DNS Proxy is turned off for that record?
I notice that your site never sees the domain as verified until this is done.
Secondly here,
a) do you have to do this at the Cloudflare domain record?
b) do you have to do this at your own registrar's location, if you are using a different registrar and just using Cloudflare for your nameservers?
Just for further clarification on this, are things different if:
i) if Cloudflare is your registrar, maybe that makes a difference?
ii) if you pay for an upgraded certificate covering all local certificates (that seems to cause additional charges)?
3) Third question, and last one, re rhe CNAME record:
if this is a record that is at the top level (depends on the answer to the question 1 above), then presumably you cannot do this, and would need to use a DNAME record? that presuambly would have all kinds of problems, and CloudFlare does not do it automatically. I suppose it could be done by importing the BIND9 record into Cloudflare, but that seems way too much.
If it relates to the links (or whatever it is called) subdomain, then that seems to be impossible to do with the other setup arrangements you have, since you ask the user to set up the A records for those, which would be incompatible?
If you mean do this instead, then that would make more sense, but your programme then accepts verification of the site, but will also say that you have not set up the site, as it needs the A records too.
If you mean a subdomain of that subdomain, or setting up a separate subdomain, then it is unclear what the purpose of this here is, unless that is a configuration approach I do not know about but also, it would be difficult to see how it could work to do the role without further configuration, unless this is something that you are doing your side - if so can you explain that bit?
Another thing, is it possible to use the basic set up and the faster redirects (expert option) thing in the same way, or does special additional configuration need to be done if this is to be done on CloudFlare?
thank you!
Please sign in to leave a comment.