SSL is now a must-have for any website.
SSL is a critical component of a secure Internet because it encrypts sensitive information as it moves across the world's computer networks.
Even if your website does not deal with sensitive information like credit cards, SSL is required for security. It ensures the privacy, critical security, and data integrity of your websites as well as the personal information of your users.
SSL certificates issued by reputable certification authorities are extremely costly. However, there are free options available, such as Let's Encrypt and Cloudflare SSL.
This article will serve as a guide to use Cloudflare SSL on the website. SSL certificates are added to the domain. I hope you have already purchased a domain from reputed domain registrars.
Follow the these steps to configure the SSL on your website.
1. Log in to Cloudflare. If you do not have an account then just sign up and create an account before you proceed further.
2. Once you log in you will be asked to add a site.
3. Enter the domain you want to assign Cloudflare SSL.
4. Next you will have to select a plan. If you want a free plan, scroll down a bit and select the plan and click on the Continue button.
5. Cloudflare will also fetch records from your domain registrar. Review the records carefully. It is recommended to completely remove everything or at least the unnecessary ones by clicking Edit and then Delete.
We will be adding these in step 11 manually.
You will now be asked to add the Cloudflare Nameservers to your domain. Depending on the domain registrar the interface might be different.
6. Next login to your domain registrar portal in a separate tab. My domain is registered on
Namecheap.
7. The nameservers will be mentioned on the Cloudflare page. Please do not close this page because once you update the name servers on domain registrar portal you will have to come back to this page.
If you miss this page, you can find the nameservers under the DNS section on the Cloudflare portal.
8. Update these servers on your domain registrar portal.
9. After you change nameservers you might have to wait for an hour and then
Go to the Cloudflare webpage again and click on the 'Check Nameservers' button.
It might take some time for Cloudflare to update the details. Once it is done you will receive an email too.
10. Once the settings are accepted, go to SSL section and select 'Full' so that Cloudflare uses end-to-end encryption for your website.
Now the Cloudflare stays between your domain registrar and the hosting to encrypt the connection using SSL.
We have completed one part of this entire thing. The next is using Cloudflare DNS settings to point your domain to the hosting.
For the purpose of demonstration we will use 000webhost to add hosting to the Cloudflare DNS.
11. In the DNS section of Cloudflare create CNAME records that point to your website hostname.
You basically have to create 2 records in Cloudflare as shown below.
Replace yoursite.000webhostapp.com with your website URL. Once saved the first CNAME will turn into a full name. Keep note of this name. We require this in the final step.
12. Click on the Cloud icon under proxy status and turn it off for both the records.
13. Login to your hosting Cpanel. Depending on the interface you would the hostname that should be used in configuring it with the domain.
14. Next go to CP Panel and add the domain to you configured with Cloudflare.
15. Under the Tools section, Click on Set Web Address. Opt for Point Domain as it allows Cloudflare to manage and use subdomains pointing to other platforms.
16. Enter the domain full name you configured in Cloudflare in step 11.
Press enter or save the changes. Once successful, the domain will be linked.
17. Turn back the proxy on in Cloudflare which we had turned off in step 12.
18. Enter the domain in the browser, the website should now load with SSL encryption which shows the lock symbol.
Final thoughts...
I wanted to keep this documented and share it with the people. This way of using Cloudflare SSL has to help me avoid the insecure message prompt in chrome and other browsers which creates a bad impression on the website.
