Ssl mail with cloudflare


How can I setup Hestia together with Cloudflare.

I’ve been trying several options, none of them works. My last configurartion is:

At Hestia and at Cloudflare:

With these settings when I open in a browser it redirects to https// and shows too many redirects error.

What should be the correct dns settings at Cloudflare, as well as Hestia settings?

Your question really is better suited for Cloudflare since your picture indicates that you have proxied hostnames that need to be DNS Only.

Your ERR_TOO_MANY_REDIRECTS suggests that you may be using an insecure TLS setting in your Cloudflare. If you are using Flexible, you need to change it to Full (strict).

You can’t use Proxy for email disable them ,…

1 Like

With “Proxy Only” and changed from “Flexible” to “full (strict)” I got this at browser:


Where is my Roundcube now?

Can someone provide me a prinscreen of Hestia cp and Clouldflare with a working example?

Thank you.


I will not share printscreens. But i can try to explain how i have setup mine.

I have one “management domain” lets call it “manage.tld”
My server and my reverse DNS at the provider are "as all guides tell us to.

I have my “manage.tld” with Clouldflare, have these records:

  • ns1.manage.tld A record → “serverIP”
  • ns2.manage.tld A record → “serverIP”
  • @ A record → “serverIP”
  • manage.tld → “serverIP”
  • panel → “@”
    None of this are proxied.
    This makes me able to enter → and get the panel.
    If you want to use mail and FTP you need to forward this as-well. NO PROXY

For the domains i want to host and manage in are setting my name server to my ns1 and ns2. Then you internal dns will manage the rest.

When you now configuring mail the internal lets encrypt will handle SSL. Dont know if this answers you question of if i have missunderstudd your issue.

1 Like

Be sure to understand that using the same host for both ns1 and ns2 hostnames introduces a single point of failure where redundancy is normally provided. Please don’t use this configuration in a production environment.

This service can be moved to port 2083 and used with the Cloudflare proxy enabled.

1 Like

If you use Cloudflare the are 0 reasons to have them present…

Well know about that. Have not been coming around around to set up a second DNS server to ties in to this. Im thinking about setting up another CP instance and se if i can get those replicated. But at some point in our own small enviroments ill hit a single point destination. I`m hosting the main CP outside of my home.