Enabling SSL with Cloudflare

Finally, gordon-chan.net is fully run in HTTPS.

It is shame that as a webmaster I know how HTTPS is essential nowadays, even my website is not a e-Commerce site, it is also essential for SEO ranking.

Cloudflare is famous and a wellknown web performance and security solution company, apart from offering DNS Service, sometime their domain price is also competitive than NameCheap and GoDaddy.

As I wish to get the site run under HTTPS, I know I need to setup SSL. Let’s encrypt is an option on my webhosting, however it requires me manually generate the cert every 3 months, and for every sub-domain, which is tedious process and I giveup or eventually forgotten over time.

Tonight when I try explore Cloudflare, and I find Cloudflare mentions they offer free SSL. I was thinking is there any plan subscription needed in order to enjoy it and insanely it is not. It is completely FREE.

So, I follow the step to turn my site into HTTPS, which basically involves:

1. Sign up a Cloudflare account (fair enough)

2. Login Cloudflare account, go to “Website”, click “Add a website”

3. Fill your domain for Cloudflare to search your web DNS config

4. In the Select Plan, scroll down for “Free plan”

5. Wait for Cloudflare look for your DNS records and review the DNS records that they found (You need to ensure the record are correct, and add any missing records)

6. Click “Continue”, Cloudflare will then show you the nameserver that you need to update in your Domain hosting. For my case is GoDaddy. I login to GoDaddy for my domain’s DNS Records. Be caution, once you update the nameserver, the DNS records in your Domain Host will gone. Therefore once again to ensure all DNS records are exists in Cloudflare. If things alright, update the nameserver and wait for its activation.

Normally the process need for 72 hours. Turn out, my whole process only need to wait for <10mins. I check all my sub-domain, login to my web hosting, and all work normal. What a magic!!!

Just to note, having a HTTPS site is not necessary mean your site is secured. It just ensure the communication between browser and your web server is secured. I came across some store owner with their eCommerce software with security risk and they didn’t apply patch, and turn out their website file being modified by malicious code and security risk exposed.

Wish this sharing helps you turn your website into HTTPS.

Leave a Reply

Your email address will not be published. Required fields are marked *

Please Answer * Time limit is exhausted. Please reload CAPTCHA.