# Custom SSL

## Prerequisites

First ensure your pod has a custom DNS assigned to it.  This guide shows you how:

{% content-ref url="/pages/AxsBhGv6h4Tv3sIuF4Fh" %}
[Custom DNS](/stackos-docs/operations/custom-dns.md)
{% endcontent-ref %}

## Choose your SSL Mode

Flexible SSL encrypts the data from Cloudflare to the End User, but does not enforce encryption between your Pod and Cloudflare.  This is fine for most cases where information is meant to be public (most informational websites and DApps without user specific info being served)

Strict SSL encrypts the data both from CloudFlare to the End User as well as the data between your Pod and Cloudflare.  This is best when you are serving sensitive data such as personal user info (common with Web2 based sites with personal information kept behind a login)

Flexible provides the fastest setup and Strict provides a more complete encryption solution with a few more technical steps.

Both options are completely valid which is why they are both supported.  Pick the one that matches your requirements best.

## Cloudflare Flexible SSL

In CloudFlare, navigate to SSL/TLS > Overview

![](/files/WDhrK9vyzfE9P94uDNdi)

Select Flexible 

![](/files/PpeQzn3Rf0ZdGb0PKYqh)

## Cloudflare Strict SSL

The following will REQUIRE you to use Cloudflare to create an SSL Certificate.  

## Generate Origin Certificate

Go to your domain in Cloudflare and manage your "Origin Server" certificate

![](/files/LgTdG2ZrFV8YX9KEal9j)

Create a Certificate

![](/files/Z0pt7NOn49gMir0mWood)

Configure your certificate type, domains and lifetime

![](/files/v2stm5ZYJgSjG9yTruS0)

Copy the Certificate and Key and paste into StackOS Pod Configuration

![](/files/3cTTOqa3Fi6OFKZlnN4n)

![](/files/ND1fAwLswWpn5HCzzXBp)

Your should see your certificate listed

![](/files/IMMCyFBq2ashMqfdkzzg)

## Enable Cloudflare Strict Mode

Activate this style of Origin certificate in two ways:

1\) By default for all subdomains of your domain

2\) ONLY for a single domain.

### For all subdomains

![](/files/xP6ecMleVBhJS4lPBwtn)

### For a single domain

Go to Rules > Page Rules

![](/files/mPcBNRzYquGu6NGDQD4R)

Create Page Rule

![](/files/fEx640cUapu0Qxu0KK6z)

Configure Page Rule

![](/files/zk232j7j7U9iUwFOZXUO)

Resulting Page Rule

![](/files/9QbUhx8GlFZFAghz3yyi)


---

# Agent Instructions: Querying This Documentation

If you need additional information that is not directly available in this page, you can query the documentation dynamically by asking a question.

Perform an HTTP GET request on the current page URL with the `ask` query parameter:

```
GET https://docs.stackos.io/stackos-docs/operations/custom-ssl.md?ask=<question>
```

The question should be specific, self-contained, and written in natural language.
The response will contain a direct answer to the question and relevant excerpts and sources from the documentation.

Use this mechanism when the answer is not explicitly present in the current page, you need clarification or additional context, or you want to retrieve related documentation sections.