How to setup free SSL certificate using Cloudflare

Website attacks are growing in numbers every day. Using https, for accessing websites and api can safeguard your communication from hackers. To utilize https, we have to setup SSL certificate.

Shyam Verma
ssl
How to setup free SSL certificate using Cloudflare

SSL stands for Secure Sockets Layer, the protocol which provides the encryption.So, SSL certificates are what make a website trusted and works as follows:

SSL process diagram

Some benefits of SSL :

  • SSL Certificates help to ensure website security
  • Accept payment securely
  • Protect login credentials
  • SSL Improves your search engine rankings
  • Protects User’s From Cybercriminals
  • SSL Certificates Earn Users’ Trust

How to setup free SSL certificate with Cloudflare

Previously switching your website from HTTP to HTTPS costs a lot. Thankfully Cloudflare have released a free version of SSL certificate to everyone who wants to use the SSL certificate for securing their website absolutely free of charge.

How To Generate Cloudflare Free SSL Certificate:

Step 1: Log into your CloudFlare account.

Step 2: In Crypto section of your Cloudflare dashboard. Click on the Create Certificate button in the Origin Certificates.

Step 3: List your hostname in the filed for which you want to generate certificate and click next.

Step 4: Now you get the Origin Certificate and Private key. You need to transfer both the origin certificate and private key from CloudFlare to your web server.

Cloudflare dashboard showing certificate

How To Configure Your Cloudflare to Work Through SSL:

To configure your Cloudflare to work through SSL, you have to login into your CloudFlare account. Then, in the configuration panel click on the Settings tab, you will see the SSL Support drop-down option.

You will see four options that you can choose from:

Off: No secure connection between your user’s browser and Cloudflare, and between Cloudflare and your web server.

Flexible SSL: A secure connection between your user’s browser and Cloudflare, but no secure connection between Cloudflare and your web server.

Full SSL: A secure connection between your user's browser and Cloudflare, and also a secure connection between Cloudflare and your web server.

Full SSL (Strict): A secure connection between your user's browser and Cloudflare, and also secure and authenticated connection between Cloudflare and your web server. This one is the most secure connectivity option you would like to choose.

Cloudflare SSL options

How To Configure Cloudflare Free SSL on Your Web Server:

Step 1: Copy the key and cert pair to your origin web server.

Step 2: Make a copy of virtual host configuration file on which your server is running. Assuming your server is running on the default configuration file, /etc/apache2/sites-available/000-default.conf. Create a new conf file, configure it on port 443. So, your web server will also listen on port 443:

<VirtualHost *:443>

Step 3: Add your certificate and key paths (substitute your actual paths here) in new virtual host file, for example:

Step 4: Enable the SSL in Apache by running this command:

sudo a2enmod ssl

Step 5: Now restart Apache to load the new configurations:

sudo service apache2 restart

Common mistakes you must avoid:

  • Redirection loop problem occurs when your website is only listen to port 443 not on port 80. It is because you didn't create new virtual host file for ssl. So, don't change your default file which listen to port 80. Just create new one for listen on port 443.
  • Sometimes your apache doesn’t load new configurations So, Make sure you enabled SSL in Apache by the command a2enmod SSL and make sure to restart apache.
  • Make sure your APP_URL or domain url is preceding by HTTPS and you may have URLs incorrectly formatted in your HTML.
  • If you want HTTPS on subdomain also then make RewriteEngine On in htaccess.
  • Make sure you have cleared caching of cloudflare.
  • If you have configured ssl properly but still your website is redirecting on HTTP then it may be browser caching issue, So test it in incognito window of chrome or private window of firefox.

Testing Methodology

  1. A padlock icon available in the URL bar in browser.
  2. No error messages/warnings occurred when connecting your website https://yourdomain.com.
  3. Check SSL on server by following command and this will return 200 OK:
wget --no-check-certificate https://example.com/
  1. You can check that SSL certificate is signed by a valid Certificate Authority (CA). You can also check the certificate's validity, expiration date, and much more by using below command. Just replace example.com with your domain name and run it:
openssl s_client -connect example.com:443 -servername example.com -showcerts | openssl x509 -text -noout

That's it! SSL certificate is configured and you will see a lock icon on your website.

Shyam Verma

Shyam Verma

Full Stack Developer & Founder

Shyam Verma is a seasoned full stack developer and the founder of Ready Bytes Software Labs. With over 13 years of experience in software development, he specializes in building scalable web applications using modern technologies like React, Next.js, Node.js, and cloud platforms. His passion for technology extends beyond coding—he's committed to sharing knowledge through blog posts, mentoring junior developers, and contributing to open-source projects.