Google has finally released chrome 68 which has come with a NOT secure warning on all websites without an ssl installed. The decision was made to better security on the internet users. Those that visit your website and you. Only the google chrome browser has over 1billion active users.
So, if you’re simply looking on how to remove the not secure warning on google chrome browser or showing a green secure note with https in chrome, Mozilla, internet explore or any other browser, this guide is for you. I am going to share with you two awesome ways to install a FREE ssl certificate on your website.
We will be using cloudflare cdn infrastructure and I take you through all the steps. Forget about the good old ways of installing an ssl on your website where you were required to buy an ssl certificate itself and also get a dedicated IP for your server. (Both these would atleast cost you USD 60 per year).
In this article, I will show you in 5 minutes each step on how to move your site from not secure (http) to secure (https) without spending a penny.
Table of Contents
Cloudflare is a content delivery network (cdn) whose main purpose is to serve your website content to your site visitors using their nearby infrastructure call them servers to your site visitor worldwide. This reduces the amount of time the visitor has to request and receive information from your website. This is because, Cloudflare dns serves your website content to your visitors from their nearest location instead of actually sending requests to your web host or actual web server to your website.
I have been using cloudflare ssl feature to secure a number of websites for years now I and have never been disappointed by their service.
How to Install a Free SSL using Cloudflare
Like I mentioned earlier, I will show you two different ways to install an ssl on your website using cloudflare. Both methods are cost free and easy to setup in just five minutes. Lets start to move your site from NOT secure to secure.
Method One: Installing Cloudflare Free SSL on WordPress Websites
This is a basic and pretty simple, easy and straight forward method to add https to your website.
In brief, you’ll 1. Sign up to Cloudflare, 2. Select the free plan, 3. Add your domain, 4. Select flexible ssl option, 5. Install and activate cloudflare flexible plugin, 6. Install WordPress HTTPs plugin, 7. Configure the Cloudflare page rules, 8. Change wordpress site address, 9. HTTPs is now Enabled
Step1: Signup for Cloudflare free account.
Step 2: Add your site domain to Cloudflare.
Here, cloudflare will go and look at your dns configuration. (remember to select the free version)
Cloudflare will at this point query and fetch all settings from your dns provider. This will include the A records and IP addresses.
Step 3: Change / Point Your Nameservers to Cloudflare.
You will have to switch the namerserver / ip address from you domain registrar and point the ones provided my cloudflare. These nameserver should look familiar to these: leia.ns.cloudflare.com and zeus.ns.cloudflare.com.
DNS modifition may take a few minutes to hours (24). This process updates the newly assigned nameservers (cloudflare nameservers) in your domain registrar account. This update sometimes it takes about 10mins for me however, it may also take several hours.
Step 4: Select the Flexible ssl option under the cypto settings tab from drop down
Step 5: Install and activate Cloudflare flexible plugin by iControlWP
In your WordPress dashboard, navigate to plugins, add new plugin – search – install and activate Cloudflare flexible plugin by iControlWP.
Step 6: Install, activate and configure WordPress HTTPs plugin
Step 7: Configure Cloudflare page rules
Once your nameservers update you’ll see a green bar in your Cloudflare account for that specific domain. Now, one more thing to do is to configure the page rules settings.
Head to Cloudflare tools tab under that specific domain, at the top select page rules, Select always use HTTPs and then add your domain name as the page rule in between two asterisks, finally, click add rule.
Step 8: Change Your WordPress site address
Step 9: HTTPS is now Enabled
Congratulations !! You now have your WordPress website secured.
You may also like: How To Design A Website Without Writing A Single Line Of Code
Method Two: Installing Cloudflare SSL on Non WordPress Websites
Step1: Signup for Cloudflare free account
Repeat Step 2 – 3 Add your site to Cloudflare & Change / Point Your Nameservers to Cloudflare (See in method One)
Step 4: Configure Always HTTPS
Once your nameservers update you’ll see a green bar in your cloudflare account for that specific domain. Now, one more thing to do is to configure the Crypto settings.
Locate up on the Cloudflare tools bar, select the Crypto options, scroll way down to Always HTTPS and turn it on.
Step 4: Reload your website.
At this step, your website will show secure from the browser and it will indicate https installed and working fine.
At this step, you have managed to enable a secure version of your website. However, let’s let’s take it abit deeper and more secure with A+ bank level security using Cloudflare.
Step 5: Enable Bank Level Security
Still under crypto tab, scroll down to HSTS, turn it on, also, enable it for sub domains, turn on preloads, also turn on the notice sniff header.
Step 6: Request HSTS preloader Inclusion
Next, head to HSTS preloader website (https://hstspreload.org/) to request for inclusion in the preloader. Then enter your domain including https. (https://mywebsite.com). Accept and submit.
Now, still under Crypto tab, go step up the minimum TLS version. Defualt is 1.0 but you will have to set this to 1.2 which is a stronger implantation of transport layer security.
Next is will enable the lastest version of TLS protocol for improved security and performance. Still under Crypto, Head down TLS 1.3, and under drop down, select Enabled-ORTT.
Step 6: Fix Insecure Content browser error.
Head back to Cloudflare crypto tab, scroll down and locate Automatic HTTPS Rewrites and turn it on.
So here, cloudflare will force any un secure content on your website to be secure. Everything will be redirected to HTTPS.
Step 7: Enable Full SSL Strict
This will Encrypt All Traffic from Browser, Cloudflare and Website Server.
Follow this video step by step and see how to enable full ssl strict via cloudflare, generating and installing an ssl from cloulflare to your web server.
Video by Troy Hunt.
Congratulations !! You now have your non WordPress site running on HTTP(S)
Let me know in the comments sections if this was of help. Any step that you need further clarification?. I’m pretty sure this guide will help you remove the not secure warning in the browser but more so, to secure your website. You may try accessing your website on different browsers just to make sure that all is working as required.