How to setup free SSL certificate using Cloudflare
Website attacks are growing in numbers every day. Using https, for accessing websites and api can safeguard your communication from hackers. To utilize https, we have to setup SSL certificate.
Cloudflare free SSL certificate creates a safe connection for those kinds of activities. Before going to know how to setup free cloudflare ssl, let’s take a look at what is SSL certificate and why website need to install the ssl certificate onto its web server?
SSL stands for Secure Sockets Layer, the protocol which provides the encryption.So, SSL certificates are what make a website trusted and works as follows:
Previously switching your website from HTTP to HTTPS costs a lot. Thankfully Cloudflare have released a free version of SSL certificate to everyone who wants to use the SSL certificate for securing their website absolutely free of charge.
How To Generate Cloudflare Free SSL Certificate:
Step1: Log into your CloudFlare account.
Step2: In Crypto section of your Cloudflare dashboard. Click on the Create Certificate button in the Origin Certificates.
Step3: List your hostname in the filed for which you want to generate certificate and click next.
Step4: Now you get the Origin Certificate and Private key. You need to transfer both the origin certificate and private key from CloudFlare to your web server.
How To configure your Cloudflare to work through SSL:
To configure your Cloudflare to work through SSL, you have to login into your CloudFlare account. Then, In the configuration panel click on the Settings tab, you will see the SSL Support drop-down option.
you will see four options that you can choose from:
Off: No secure connection between your user’s browser and Cloudflare, and between Cloudflare and your web server.
Flexible SSL: A secure connection between your user’s browser and Cloudflare, but no secure connection between Cloudflare and your web server.
Full SSL: A secure connection between your user’s browser and Cloudflare, and also a secure connection between Cloudflare and your web server.
Full SSL (Strict): A secure connection between your user’s browser and Cloudflare, and also secure and authenticated connection between Cloudflare and your web server. This one is the most secure connectivity option you would like to choose.
How To configure Cloudflare free SSL on your Web Server :
Step1: Copy the key and cert pair to your origin web server.
Step2: Make a copy of virtual host configuration file on which your server is running. Assuming your server is running on the default configuration file, /etc/apache2/sites-available/000-default.conf. Create a new conf file, configure it on port 443. So, your web server will also listen on port 443:
</ VirtualHost *: 443 >
Step3: Add your certificate and key paths (substitute your actual paths here) in new virtual host file, for example:
Step4: Enable the SSL in Apache by running this command:
sudo a2enmod ssl
Step5: Now restart Apache to load the new configurations:
sudo service apache2 restart
Common mistakes you must avoid :
Redirection loop problem occurs when your website is only listen to port 443 not on port 80. It is because you didn't create new virtual host file for ssl. So, don't change your default file which listen to port 80. Just create new one for listen on port 443.
Sometimes your apache doesn’t load new configurations So, Make sure you enabled SSL in Apache by the command a2enmod SSL and make sure to restart apache.
Make sure your APP_URL or domain url is preceding by HTTPS and you may have URLs incorrectly formatted in your HTML.
If you want HTTPS on subdomain also then make RewriteEngine On in htaccess.
Make sure you have cleared caching of cloudflare.
If you have configured ssl properly but still your website is redirecting on HTTP then it may be browser caching issue, So test it in incognito window of chrome or private window of firefox.
A padlock icon available in the URL bar in browser.
No error messages/ warnings occurred when connecting your website https://yourdomain.com.
Check ssl on server by following command and this will return 200 OK .
wget --no-check-certificate https://example.com/
you can check that SSL certificate is signed by a valid Certificate Authority (CA). You can also check the certificate's validity, expiration date, and much more by using below command. Just replace example.com with your domain name and run it -