How can we help?

Secure Your Website for Free with CloudFlare SSL - A Step-by-Step Guide

In an effort to enhance web security, Google has implemented a new system that identifies websites without SSL certificates as "Non-Secure" if they still handle user data. As such, it's crucial to secure your website by serving it over HTTPS/SSL to safeguard your visitors' information and demonstrate your brand's commitment to online safety. Though SSL isn't a strict requirement for Chrome Push Notifications, it's still recommended for your main domain. Moreover, installing an SSL certificate on your website can provide numerous benefits, including improving your search rankings. In this post, we'll delve into SSL certificates, the various types available, and how to set up a free SSL (Cloudflare) on your website.


What is an SSL Certificate?

Most websites nowadays begin with "https://" in their URL, followed by a green padlock symbol that indicates security. This is made possible by SSL certificates, which do more than just serve as a visual cue.

SSL, or Secure Sockets Layer, establishes an encrypted link between your web server and website visitors. This ensures that all information transmitted between the two parties is kept confidential and inaccessible to anyone who may intercept it. Even if an unauthorized individual intercepts the connection, the encrypted data will be of no use to them.


SSL adds a secure layer to HTTPS for end-to-end encryption


Regarding SSL certificates, they are a small file that merges a cryptographic key with your organization and domain's information. Once placed on the server, it enables the use of HTTPS protocol.

The Certificate Authority performs checks on an organization's data, based on the SSL certificate type. To authenticate certificates and establish secure connections between web servers and end-users, browser and operating system vendors work with these Certificate Authorities to embed the Root Certificates (which the SSL certificate derives from) into their software.

When using an insecure HTTP connection, private data such as email addresses, passwords, and usernames can be collected by third parties who intercept the traffic passing between a web server and a browser. This is why Google and security experts advocate for the use of SSL on websites. By doing so, basic data can be secured from interception, so you should not worry about this.


Why SSL Certificates are Crucial

SSL has been a long-standing security protocol for eCommerce websites and banking institutions. However, smaller enterprises, personal websites, and blogs have also started adopting SSL in recent times. One of the reasons behind this shift is Google's webmaster guideline that emphasizes the importance of SSL in website rankings. Since the announcement of SSL as a ranking factor in 2014, many websites have been transitioning to HTTPS to secure user information and prevent data leaks.

Having an SSL certificate for your website can give you a small but positive ranking factor in search engine results. In fact, Google Chrome, which is the most commonly used browser on both desktop and mobile, now labels HTTP pages that collect sensitive information such as passwords or credit cards as "Non-Secure". This can negatively affect your website's credibility and make visitors hesitant to provide any personal information. Therefore, it is recommended to have an SSL certificate to ensure that your website is labeled as "Secure" in the URL bar.


Exploring SSL Certificate Types: Which One is Right for You?

There are 3 types of SSL certificates:

  • Extended Validation (EV) SSL Certificates
  • Organization Validation (OV) SSL Certificates
  • Domain Validation (DV) SSL Certificates

Although this post focuses on free SSL certificates, it's worth mentioning that premium offerings provide additional features. Here's a brief summary of what each type of SSL certificate offers.


The Extended Validation SSL Certificate

It is given to organizations after verifying that they have the right to use a particular domain name. This includes confirming the organization's existence, legal identification, and authorization for obtaining the certificate.


Organization Validation SSL Certificate

An OV SSL Certificate requires the Certificate Authority (CA) to verify that your organization has the right to use the domain name. They may also perform some of the checks mentioned for EV SSL certificates. With an OV SSL Certificate, your website visitors can view information about your organization.


Domain Validation SSL Certificate

This SSL certificate is the most basic one. It verifies your right to use the domain name and shows information about encryption to users/visitors. However, no details about your organization are shared.


Free SSL certificates: How to secure your website

One of the simplest ways to obtain a free SSL certificate is by registering for Cloudflare.


Step 1: Create an account on Cloudflare

Fill in your details and then select the option "Create Account".


Step 2: Configure your website/domain


Add Website to CloudFlare to Scan DNS Records


Enter your complete website URL, and then click the "Scan" button. Cloudflare will scan your website. Once the scan is complete, click on "Continue Setup."


Step 3: Select a CloudFlare Plan


Since we want a free SSL for our website, choose the Free plan here.


The Free Plan is sufficient for most websites, so you can select it and proceed by clicking on "Continue".

Cloudflare supports partial subdomains, but it requires a subscription on Business or Enterprise plan. Here is a set-up article — https://developers.cloudflare.com/dns/zone-setups/partial-setup/setup


Step 4: Configure your Website DNS Records

After the scan is complete, you will notice an orange cloud icon next to your main domain, indicating that the configuration is correct. It's important to note that Cloudflare bypasses mail and FTP, which should display gray clouds.


Make sure your main domain has an orange cloud next to it


Click on "Continue" if you notice the primary domain with an orange cloud.


Step 5: Update your NameServers

To point your NameServers to Cloudflare, you'll need to access your domain registrar account and locate the setting to modify the NameServer.


Switch the nameservers of your domain to the ones that Cloudflare has given you


Remove the current entries and replace them with the DNS provided by Cloudflare.

Add the new Nameservers provided by Cloudflare to your domain registrar account.

After updating the Nameservers, go back to CloudFlare and click on "Continue". Keep in mind that it can take up to 24 hours for the changes to take effect due to propagation time.


Step 6:Configure SSL for your website.

As your nameservers are being set up, you can work on configuring your SSL. Go to the "Settings Summary" and find "SSL: Full". Click on it, and you will be directed to the "Crypto" page.


Change the SSL to Full


Beside the SSL option, there is a dropdown list. Choose "Full" from the list. It may take an hour or so for the SSL certificate to be issued. You can check the status of the certificate from the "Crypto" page after it is issued.


Step 7: Redirect traffic to HTTPS

The final step is to set up a page rule that will automatically redirect all traffic to HTTPS.


Change the Page Rules to ensure that all the traffic to your website is redirected to HTTPS


To redirect all traffic to HTTPS, go to the Page Rules section from the top of the website view. Add two separate URL patterns: www.mywebsite.com/* and mywebsite.com/* and choose "Always Use HTTPS" for each. Note that this option is only available after the SSL certificate is issued.

It may take a few minutes for the configuration to complete. After that, any page on your website will open on HTTPS.