Cloudflare provide free SSL Certificates for your websites, and you can create a Cloudflare Origin Certificate for a domain to protect your domain and subdomains easily. The main advantage of using the Origin Certificate instead of Let’s Encrypt is it can be used to protect all your subdomains, you can issue it for up to 15 years and it will reduce the SSL handshake during the first connection.
It’s a certificate generated by Cloudflare and you can use it only with the Cloudflare proxy activated.
You can go into your Cloudflare account and click on “Create Certificate” to issue your origin certificate.
Let’s Cloudflare generate a private key for you and click on next to generate your certificate.
Cloudflare will create a private key, and your origin certificate. The default key format is PEM, you don’t need to change it.
Click on Add SSL/TLS Certificate :
Then fill the form with your informations, and copy the private key into Private key (*.key), your origin certificate into the Certificate (*.crt) and the Cloudflare Origin CA available below in CA certificate (*-ca.crt). You can find this Origin CA at the Cloudflare Website.
After that, you can set the SSL level to Full (strict) in the Crypto tab of you Cloudflare account :