Step by Step Guide To Secure A Website Using Cloudflare FREE SSL (2 Ways)

Google has finally released chrome 68 which has come with a NOT secure warning on all websites without an ssl installed. The decision was made to better security on the internet users. Those that visit your website and you. Only the google chrome browser has over 1billion active users.

So, if you’re simply looking on how to remove the not secure warning on google chrome browser or showing a green secure note with https in chrome, Mozilla, internet explore or any other browser, this guide is for you. I am going to share with you two awesome ways to install a FREE ssl certificate on your website.

We will be using cloudflare cdn infrastructure and I take you through all the steps. Forget about the good old ways of installing an ssl on your website where you were required to buy an ssl certificate itself and also get a dedicated IP for your server. (Both these would atleast cost you USD 60 per year).

In this article, I will show you in 5 minutes each step on how to move your site from not secure (http) to secure (https) without spending a penny.

Fix Not secure in chrome

Fix Not secure in chrome

Backgroud

Cloudflare is a content delivery network (cdn) whose main purpose is to serve your website content to your site visitors using their nearby infrastructure call them servers to your site visitor worldwide. This reduces the amount of time the visitor has to request and receive information from your website. This is because, Cloudflare dns serves your website content to your visitors from their nearest location instead of actually sending requests to your web host or actual web server to your website.

I have been using cloudflare ssl feature to secure a number of websites for years now I and have never been disappointed by their service.

How to Install a Free SSL using Cloudflare

Like I mentioned earlier, I will show you two different ways to install an ssl on your website using cloudflare. Both methods are cost free and easy to setup in just five minutes. Lets start to move your site from NOT secure to secure.

Method One: Installing  Cloudflare Free SSL on WordPress Websites

This is a basic and pretty simple, easy and straight forward method to add https to your website.

In brief, you’ll 1. Sign up to Cloudflare, 2. Select the free plan, 3. Add your domain, 4. Select flexible ssl option, 5. Install and activate cloudflare flexible plugin, 6. Install WordPress HTTPs plugin, 7. Configure the Cloudflare page rules, 8. Change wordpress site address, 9. HTTPs is now Enabled

Step1: Signup for Cloudflare free account.

select cloudflare free plan

select cloudflare free plan

Step 2: Add your site domain to Cloudflare.
Here, cloudflare will go and look at your dns configuration. (remember to select the free version)

adding site to cloudflare

adding site to cloudflare

Cloudflare will at this point query and fetch all settings from your dns provider. This will include the A records and IP addresses.

cloudflare querying dns records

cloudflare dns query results

cloudflare dns query results

switching nameservers

switching nameservers

Step 3: Change / Point Your Nameservers to Cloudflare.
You will have to switch the namerserver / ip address from you domain registrar and point the ones provided my cloudflare. These nameserver should look familiar to these: leia.ns.cloudflare.com and zeus.ns.cloudflare.com.

update nameservers from your domain registrar

update nameservers from your domain registrar

DNS modifition may take a few minutes to hours (24). This process updates the newly assigned nameservers (cloudflare nameservers) in your domain registrar account. This update sometimes it takes about 10mins for me however, it may also take several hours.

Step 4: Select the Flexible ssl option under the cypto settings tab from drop down

cloudflare flexible ssl active

cloudflare flexible ssl active

Step 5: Install and activate Cloudflare flexible plugin by iControlWP

In your WordPress dashboard, navigate to plugins, add new plugin – search – install and activate Cloudflare flexible plugin by iControlWP.

Step 6: Install, activate and configure WordPress HTTPs plugin

Step 7: Configure Cloudflare page rules

Once your nameservers update you’ll see a green bar in your Cloudflare account for that specific domain. Now, one more thing to do is to configure the page rules settings.

Head to Cloudflare tools tab under that specific domain, at the top select page rules, Select always use HTTPs and then add your domain name as the page rule in between two asterisks, finally, click add rule.

setting cloudflare always https page rule

setting cloudflare always https page rule

Step 8: Change Your WordPress site address

wordpress site address

wordpress site address

Step 9: HTTPS is now Enabled

site now secure and https working fine

site now secure and https working fine

Congratulations !! You now have your WordPress website secured.

You may also like: How To Design A Website Without Writing A Single Line Of Code

Method Two: Installing Cloudflare SSL on Non WordPress Websites

Step1: Signup for Cloudflare free account

select cloudflare free plan

select cloudflare free plan

Repeat Step 2 – 3 Add your site to Cloudflare & Change / Point Your Nameservers to Cloudflare (See in method One)

Step 4: Configure Always HTTPS

Once your nameservers update you’ll see a green bar in your cloudflare account for that specific domain. Now, one more thing to do is to configure the Crypto settings.

Locate up on the Cloudflare tools bar, select the Crypto options, scroll way down to Always HTTPS and turn it on.

always https under crypto

always https under crypto

Step 4: Reload your website.
At this step, your website will show secure from the browser and it will indicate https installed and working fine.

At this step, you have managed to enable a secure version of your website. However, let’s let’s take it abit deeper and more secure with A+ bank level security using Cloudflare.

Step 5: Enable Bank Level Security
Still under crypto tab, scroll down to HSTS, turn it on, also, enable it for sub domains, turn on preloads, also turn on the notice sniff header.

Step 6: Request HSTS preloader Inclusion

Next, head to HSTS preloader website (https://hstspreload.org/) to request for inclusion in the preloader. Then enter your domain including https. (https://mywebsite.com). Accept and submit.

Now, still under Crypto tab, go step up the minimum TLS version. Defualt is 1.0 but you will have to set this to 1.2 which is a stronger implantation of transport layer security.

Next is will enable the lastest version of TLS protocol for improved security and performance. Still under Crypto, Head down TLS 1.3, and under drop down, select Enabled-ORTT.

Step 6: Fix Insecure Content browser error.

Head back to Cloudflare crypto tab, scroll down and locate Automatic HTTPS Rewrites and turn it on.
So here, cloudflare will force any un secure content on your website to be secure. Everything will be redirected to HTTPS.

Step 7: Enable Full SSL Strict

This will Encrypt All Traffic from Browser, Cloudflare and Website Server.

Follow this video step by step and see how to enable full ssl strict via cloudflare, generating and installing an ssl from cloulflare to your web server.

Video by Troy Hunt.

Congratulations !! You now have your non WordPress site running on HTTP(S)

In Closing

Let me know in the comments sections if this was of help. Any step that you need further clarification?. I’m pretty sure this guide will help you remove the not secure warning in the browser but more so, to secure your website. You may try accessing your website on different browsers just to make sure that all is working as required.

A passionate entrepreneur with an obsession in technology, photography, art and traveling. He is the founder of Go Tech UG and holds a Dip in Media Design and Print Technology [Dip. Print Tech] plus a Bachelors of Science in Information Technology from Sikkim Manipal University India [BScIT]. He has won a couple of contests both locally and internationally and through this blog, he shares some cool nuggets. He is 22yrs as of launching this blog in May 2017 and has travelled to over 10 countries.