SSL Cloudflare guide

Step 1 - Create a Cloudflare account

Go to https://dash.cloudflare.com/sign-up, enter your e-mail address and choose a password for the account, then click Create Account.

Next

Step 2 - Add your domain to Cloudflare

Enter your domain's URL in domain.com format and click Add site.

PreviousNext

Step 3 - Select a Cloudflare Plan

We have found that the Free Website plan works fine for the large majority of our clients, and Cloudflare have confirmed that business websites and eCommerce stores are allowed to use the Free Website plan.

Unless you have any specific need for a paid plan, click Free, then click Continue.

PreviousNext

Step 4 - Wait for Cloudflare to scan your DNS records

Cloudflare will scan your domain's DNS records and replicate those records in your domain's Cloudflare account. This process will take around 30 seconds. Once the process is complete, the page will automatically proceed to the next step.

PreviousNext

Step 5 - Confirm your DNS records

Carefully review the DNS records which Cloudflare has detected and confirm that the existing records are correct and that all the records are listed. You may wish to open your existing DNS management portal to compare the records directly.

To ensure no records are missed, you may wish to directly import your domain zone file. If so, just click the Advanced button, then either drag and drop or select your zone file from your computer and upload it directly to Cloudflare. You can then review and compare your records. If any records are missing, you can add them using the text fields at the top of the record list.

Once you're satisfied that all of your DNS records are listed, click Continue.

PreviousNext

Step 6 - Change your nameserver records

Log into your domain registrar account and change your nameservers to the ones provided by Cloudflare. The information displayed will be specific to your domain, and the domain registrar shown will be for your domain - it may be Namecheap, GoDaddy, Network Solutions, etc. Follow the link to access your domain registrar account. Do not use the nameservers from the screenshot below - your nameservers are assigned specifically to your domain by Cloudflare.

If you need any assistance with this step, contact your domain registrar's support team.

Click Done, check nameservers to proceed.

PreviousNext

Step 7 - Await nameserver propagation

Once you've changed the nameserver records, you need to wait for the new records to propagate. How long this takes will usually be set by your domain registrar, but if you have the ability to change the TTL, you may wish to do so prior to making the nameserver changes to speed the process up. If your nameserver TTL is 1 day, for example, changing the TTL to 30 minutes the day before you make the nameserver change will allow the nameserver change to be completed much sooner than if it's left as 1 day. The TTL can then be changed back to its original value after the propagation is complete.

Click the Re-check now button to force Cloudflare to query the domain and get the current nameserver records. Once Cloudflare has detected that the records are configured correctly, it will automatically activate your domain and start routing the traffic for it.

PreviousNext

Step 8 - Confirm the domain is live

Now that the domain is using Cloudflare's nameservers and the traffic is being routed through the Cloudflare network, all that's left is to confirm that the SSL certificate has been issued. Wait for 5 minutes after Cloudflare has detected the nameserver change, then visit the site using HTTPS - for example, https://www.yourdomain.com. If it works as expected, you're done - if it doesn't, click on the SSL/TLS page in your Cloudflare account to check on the status of the SSL certificate. It can take up to 24 hours for a certificate to be issued, however it's normally done within a few minutes.

PreviousNext

Step 9 - Change the encryption type and usage

In order to ensure your website works as expected when Cloudflare starts routing the traffic, we may need to change the encryption mode. Click on the SSL/TLS icon at the top of the page, and ensure that the encryption mode is set to Flexible. If it's set to Full, just click Flexible and the setting will update.

Next, click on Edge Certificates, below the navigation menu, and scroll down to Always Use HTTPS and click the toggle to turn this on.

Previous