Http To Https Free Through CloudeFlare – A Complete Hack

HTTPS is a must for every website nowadays: when providing their details, users are looking for a padlock; Chrome and Firefox explicitly mark websites that provide forms on pages without HTTPS as non-safe; it is an SEO ranking factor, and it has a serious impact on privacy in general.

Why HTTPS Matters For Every Website

A common misconception about HTTPS is that only websites that handle sensitive data such as e-commerce websites, social media sites or any website with user logins are relevant. This is because, in the past, the main use of HTTPS was for financial transfers or other sensitive communications.

The mentality, though, has shifted and we are beginning to see its use on all sorts of websites. But many still believe it’s unnecessary to introduce HTTPS on their web, because it’s “just a blog,” or because they don’t gather user data.

This is no longer an age where merely sticking to plain HTTP on your website can get free. Aside from the fact that you are obliged to give your users security, the web is moving towards a time when HTTPS becomes non-negotiable for all websites.

HTTPS Provides Confidentiality

In a public medium such as the Internet, this protects communication between two parties from others. For example, when someone using the access point buys something online without HTTPS, someone operating a Wi-Fi access point could see private information, such as credit cards.

Switching from HTTP to HTTPS has been made so easy with Cloudflare. Read further to know-how.

Why Cloudflare?

Whatever server-side infrastructure you have, CloudFlare can help you secure an SSL certificate for free. It also functions with websites that are hosted on networks that don’t provide access to servers like GitHub Pages, Ghost and the like.

You don’t have to update anything or write code at all. It makes installing HTTPS on your website a really great option, and startup time will take no longer than 10 minutes, basically.

It also provides a number of other protection and efficiency incentives for your website that we will not discuss here. But we are going to talk a little about how it all works so you can get a good idea of how all those stuff can be done.

How Cloudflare Works

Cloudflare sits right in the middle of traffic between your website and server visitors. Visitors might be regular humans, crawlers, and bots (like search engine bots) or hackers. Cloudflare helps strip out all unauthorized content by serving as an intermediary between your web server and visitors to your site so that only the good stuff gets in.

Now you may wonder if everything that could have an adverse effect on your website’s pace, but it’s quite the contrary. Cloudflare has data centers around the world so it’ll just use the visitor’s closest gateway to make the site even smoother than it used to be.

Step By Step Guide To Switch From HTTP To HTTPS

Now that we know how Cloudflare operates, let’s take a look at how to set up a website on its network, and how to get free on HTTPS. The emphasis here will be on the apps that Cloudflare delivers for free, but remember that there are also premium options with a lot of additional features available.

1.      Buying A Domain Name

The first thing to do after you sign up at Cloudflare is to add a domain and check the DNS information. Buy the domain on You can use them for all your domains because they have a great user interface, they have lightning-fast response rates from their support team and their prices are almost always the lowest. What else could you ask for?

Once the search is completed, all DNS records will be listed on the domain. You will pick the sub-domains you want to allow on Cloudflare and make any desired changes.

2.      Getting SSL For Free

SSL is still a premium service and significant amounts are charged by many Certificate Authorities before issuing an SSL certificate. It’s not something you can just get everywhere for free, but in the industry that’s changing rapidly.

Now that you have Cloudflare seated in the middle of your web traffic, you should automatically get SSL on your domain. It can take up to 24 hours to get the credential working but it doesn’t take long in my experience.

If you see more information about the cert you will see the authority that issued the certificate and the date of expiry. One of CloudFlare’s great things is that certificate renewal is done automatically for you so no worries there.

3.      Generating A CSR

A CSR is a signature order for credentials and is necessary to trigger the newly purchased SSL certificate. There are a couple of steps for generating the CSR. At the end of this, you will receive a text file to copy the content and paste it back into the dashboard for Namecheap.

Generate a private key in your terminal window using the OpenSSL command. If you don’t have an OpenSSL already, you can update it with your operating system instructions in one minute. You must also join something called the “common name” Use your website’s root domain (not a subdomain).

4.      Activating The SSL Certificate

This step is usually done back in Namecheap. Go to Account -> Product List, and you will view your SSL certificate inactive in that list. Go through the authorization process steps and fill in the details you are seeking. The contents of that server.csr text file created in the previous step will need to be pasted in. Once you paste that, Namecheap will infer the name of the root (which you entered in step #3 as the common name), and ask you to fill in up to 2 more domains. Then add “www.your” to that register. Choose to have the certificate sent to you by telephone, then finalize the activation.

5.      Updating The DNS Records On CloudFlare

You now need to sign in to Cloudflare and change the DNS records to connect to the DNS server in Heroku. You need 2 records with CNAME: one for the central domain and one for the subdomain within the WWW.

The name of the CNAME root domain record should be your

The CNAME record of the WWW subdomain should be:

6.      Enforce HTTPS

The last step is to ensure that your site strictly enforces HTTPS and does not allow users to search through an unsecured link with any sites. First go to Crypto-> and update your SSL level to “Full (strict).”

Finally, go to Page Rules > Add a rule. You must add a rule which forces each page to redirect to HTTPS. Only use format:* and pick

“Always use HTTPS.”

With this, you have got yourself a shiny new HTTPS website.

Have a Question?


Call: +1 202 915 6200