Install Free Cloudflare SSL Certifactes for Nginx, Apache and Caddy

Overview

Install and Use Cloudflare SSL for All Web Servers (Nginx, Apache, Caddy)

Cloudflare provides free SSL certificates that work with Nginx, Apache, and Caddy. You can set up Cloudflare SSL using either Full or Full (Strict) mode.

Go to Cloudflare: https://www.cloudflare.com
Sign up and add your domain.
Change your domain’s nameservers to the ones provided by Cloudflare.
Wait for DNS propagation (can take a few minutes to hours).

Step 2: Configure SSL/TLS in Cloudflare

Go to the Cloudflare Dashboard.
Navigate to SSL/TLS → Overview.
Choose one of the following SSL modes:
- Flexible: Encrypts traffic between the browser and Cloudflare, but not between Cloudflare and your server. (Not recommended, as it’s insecure).
- Full: Encrypts traffic end-to-end but does not verify the certificate on your server. (Works with self-signed certificates).
- Full (Strict) [Recommended]: Encrypts traffic end-to-end and verifies the certificate on your server. Requires a valid SSL certificate on your server.

Step 3: Generate & Install an SSL Certificate (For Full or Full Strict Mode)

Option 1: Use Cloudflare’s Origin SSL Certificate (Recommended)

Cloudflare provides a free 15-year SSL certificate for your server.

Go to SSL/TLS → Origin Server
Click Create Certificate
Choose:
- Key Type: RSA (2048)
- Certificate Validity: 15 years
Copy the certificate and private key.
Install them on your server.

Step 4: Install SSL on Your Web Server

For Nginx

Save the SSL files:
```
sudo nano /etc/ssl/cloudflare.crt
```
Paste the certificate from Cloudflare and save.
```
sudo nano /etc/ssl/cloudflare.key
```
Paste the private key from Cloudflare and save.

Update the Nginx configuration:

server {
    listen 443 ssl;
    server_name example.com;
    ssl_certificate /etc/ssl/cloudflare.crt;
    ssl_certificate_key /etc/ssl/cloudflare.key;
    location / {
        root /var/www/html;
        index index.html;
        }
}

Restart Nginx:
```
sudo systemctl restart nginx
```

For Apache

Save the SSL files:
```
sudo nano /etc/ssl/cloudflare.crt
```
Paste the certificate from Cloudflare and save.
```
sudo nano /etc/ssl/cloudflare.key
```
Paste the private key from Cloudflare and save.

Update the Apache configuration:

<VirtualHost *:443>
    ServerName example.com
    SSLEngine on
    SSLCertificateFile /etc/ssl/cloudflare.crt
    SSLCertificateKeyFile /etc/ssl/cloudflare.key
    DocumentRoot /var/www/html
</VirtualHost>

Restart Apache:

sudo systemctl restart httpd    # CentOS/RHEL

For Caddy

Edit the Caddyfile:
```
sudo nano /etc/caddy/Caddyfile
```

Add the following configuration:

example.com {
    root * /var/www/html
    file_server
    tls /etc/ssl/cloudflare.crt /etc/ssl/cloudflare.key 
}

Restart Caddy:
```
sudo systemctl restart caddy
```

Step 5: Enable HTTPS Redirect in Cloudflare

Go to SSL/TLS → Edge Certificates.
Enable Always Use HTTPS to redirect all HTTP traffic to HTTPS.
Set Automatic HTTPS Rewrites to ON.

Step 6: Verify SSL is Working

Visit https://example.com in a browser.
Use SSL Checker (https://www.sslshopper.com/ssl-checker.html) to verify the SSL setup.

Final Notes

If using Full (Strict) mode, make sure your server has a valid SSL certificate.
Cloudflare handles SSL termination, improving security and performance.
Always restart your web server after updating SSL configurations.

Overview#

Install and Use Cloudflare SSL for All Web Servers (Nginx, Apache, Caddy)#

Step 1: Sign Up & Add Your Domain to Cloudflare#

Step 2: Configure SSL/TLS in Cloudflare#

Step 3: Generate & Install an SSL Certificate (For Full or Full Strict Mode)#

Option 1: Use Cloudflare’s Origin SSL Certificate (Recommended)#

Step 4: Install SSL on Your Web Server#

For Nginx#

For Apache#

For Caddy#

Step 5: Enable HTTPS Redirect in Cloudflare#

Step 6: Verify SSL is Working#

Final Notes#