How to setup Full SSL with Cloudflare

Documentation HTTPS and SSL
1

By default, Cloudflare uses a system called “Flexible SSL”. In this system, Cloudflare secures the connection between your visitors and Cloudflare, but not the connection between Cloudflare and your website. Not only is this less secure, some websites (notably WordPress) have trouble detecting whether HTTPS is in use, causing all sorts of issues.

The best way to resolve this is by using Full SSL in Cloudflare. This way, the connection between Cloudflare and your website is encrypted, and your website can easily detect that HTTPS is being used.

This guide describes how to set this up.

Get a Self Signed SSL certificate

To use Full SSL, you’ll need an SSL certificate installed on your hosting account. For this purpose, we’ll use a “Self Signed” SSL certificate. Such certificates are not trusted by browsers (but they are trusted by Cloudflare), but they can be valid for a long time.

You can get a self-signed SSL certificate using the Free SSL Certificates tool in the client area.

CF-full-selfSignedCert
CF-full-selfSignedCert909×233 22.2 KB

CF-full-selfSignedCert2
CF-full-selfSignedCert2971×505 41.3 KB


Install the Self Signed certificate

With the certificate created, it’s time to install it. In most cases, you can do so automatically, but you can do it by hand too.

Installing the certificate automatically

To install the certificate automatically, simply click the big install button to install it.

CF-full-selfSignedCert3
CF-full-selfSignedCert3849×161 20.5 KB

Installing the certificate manually

To install the certificate manually, you can do so as follows:

  1. Open the SSL certificate page in the client area and the SSL/TLS page in the control panel.
  2. Copy-paste the Private Key from the client area into the Private Key field in the control panel.
  3. Click Upload Key.
  4. Copy-paste the Certificate from the client area into the Certificate field in the control panel.
  5. Click Upload Certificate.

Screenshot from 2022-04-18 17-48-53
Screenshot from 2022-04-18 17-48-531281×944 224 KB

Screenshot from 2022-04-18 17-49-58
Screenshot from 2022-04-18 17-49-58887×919 119 KB

Set Cloudflare to Full SSL mode

With the certificate installed, it’s time to configure Cloudflare.

To do so, login to the Cloudflare Dashboard, go to your domain name, then go to “SSL/TLS” → “Overview” and set the encryption mode to Full.

image
image920×690 68.8 KB

And for the most part, this is all you need to start using Full SSL!

Configure your website to use HTTPS

If you are switching an existing website to HTTPS, you may need to make some changes to your website to make it work.

You’ll need to make sure that all URLs on your website use https:// instead of http://.

The process for this varies depending how you’ve built your website. Sometimes, you don’t need to do anything at all. But if you’re using an existing script or CMS, there is usually a setting you’ll need to edit, either in a configuration file or a settings page. If you’ve built your website without a CMS, you may need to manually edit the code of your site.

For WordPress, you’ll need to change the Website URL setting, which can be found in the WordPress admin interface in Settings → General.

After changing this setting, you should check your site to make sure it still works.

Enable Always Use HTTPS in Cloudflare

Once you’ve configured your website to work with HTTPS, you should force everyone to start using it.

The best way to do this is to enable the setting “Always Use HTTPS” in Cloudflare. You can find it under “SSL/TLS” → “Edge Certificates”. Enabling this setting will make everyone always use HTTPS on your site.

image
image907×353 30.5 KB

While you’re on that page, you should also make sure that “Automatic HTTPS Rewrites” is turned OFF. This setting is generally not necessary, can hide other configuration issues and cause weird errors.

image
image926×337 33.1 KB

Final Notes

Can I use "Full (strict)" SSL mode?

Yes, you can!

To use “Full (strict)” mode, you need a certificate that Cloudflare can verify is actually yours. A self signed certificate doesn’t work here.

To use Full (strict) SSL on free hosting, you’ll need a certificate provided by a trusted authority. You can get a free, trusted SSL certificate through our client area and install it on your account. Then, you can use Full (strict) mode.

However, you need to manually renew this certificate every three months, unlike with a self signed certificate. So it’s easiest to use “Full” (not strict) SSL mode instead.

Premium hosting integrates Let’s Encrypt directly in the control panel, so free SSL certificates are automatically renewed, so you can use “Full (strict)” mode without the hassle.

Can I use Cloudflare Origin Certificates?

Another way to use “Full (strict)” SSL mode is to use an Origin Certificate from Cloudflare. These are “self signed” certificates signed by Cloudflare. Cloudflare trusts these certificates, so they can be used for strict SSL

However, the free hosting control panel performs additional validation on SSL certificates, and Cloudflare’s certificates do not pass these checks.

13 Likes
2

Awesome pictures!

5 Likes
3

great tutorial :smiley:

1 Like
4

I just followed this and everything setup fine, Thank you :+1: :+1: :+1: :+1: :+1:

Just a heads up, the link in the very first part of the post is incorrect

the link should be /sslCertificates not /ssls

Thanks

5 Likes
5

Fixed :slight_smile:

2 Likes
6

Or Admin could just set up a redirect!

1 Like
7

This is exactly what I was looking for. After trying to fix issues with Cloudflare’s flexible SSL. 100% of my issue are gone now.

3 Likes
8

A post was split to a new topic: Https://forum.infinityfree.com/t/a-full-guide-to-cloudflare/44451/