Is it possible to use Cloudflare's proxy functionality with Let's Encrypt on Forge

1. Cloudflare Provides Free SSL Certificates: Cloudflare provides free SSL/TLS certificates to all connected domains and their first-level subdomains. These certificates are automatically enabled on all domains and subdomains that have Cloudflare's proxy functionality enabled.

2. Limitations with Nested Subdomains: However, if you have multiple nested subdomains (e.g. `staging.api.example.com`), the universal Cloudflare certificate may not cover those domains. This can cause issues like the `ERR_SSL_VERSION_OR_CIPHER_MISMATCH` error.

3. Integrating Let's Encrypt with Cloudflare on Forge: Forge supports integrating Let's Encrypt with Cloudflare for obtaining SSL/TLS certificates, including support for wildcard subdomains. To do this, you need to provide Forge with your Cloudflare API credentials, which must have the necessary permissions.

4. Disabling Cloudflare Proxy for Nested Subdomains: If your application requires multiple nested subdomains, it's recommended to disable Cloudflare proxying and use a traditional SSL certificate for your Forge site instead. This will ensure proper SSL/TLS coverage for all your subdomains.

In summary, you can use Cloudflare's proxy functionality in combination with Let's Encrypt on Forge, but it may not work well if you have complex subdomain setups. In those cases, it's better to disable Cloudflare proxying and use a traditional SSL certificate managed by Forge and Let's Encrypt.

The key is to carefully evaluate your application's domain and subdomain requirements to determine the best approach for securing your site with SSL/TLS certificates.