As mentioned before, Cloudflare's HTTPS certificates can be used, but this is limited to the client-to-Cloudflare connection. There is no way to create a certificate from Cloudflare to the server (installed on the server), and we need to find a way to do that ourselves.
However, Cloudflare offers user-friendly SSL settings, allowing you to make your website HTTPS even if your server doesn't have an HTTPS certificate or isn't using the HTTPS protocol. Here's a brief explanation of the different SSL settings levels (I've encountered some issues with this before):
As shown in the image, it's divided into four levels. If you don't want HTTPS encryption, just turn it off. Flexible allows access via both HTTPS and HTTP, meaning it can be accessed through ports 80 and 443. The most confusing are Full and Full (strict). Both are full HTTPS across the entire site. The difference is that with Full, if your certificate expires or has a problem, it won't display an error message and will continue accessing through port 80. Strict, however, encrypts all connections, and will display an error if the server certificate has a problem.
Obviously, if you really want to implement HTTPS, you should choose the latter, full (strict). However, this raises a problem: I previously mentioned using Let's Encrypt's free certificate (see: [link to document]). Let’s Encrypt SSL Certificate Installation (CentOS + Nginx), along with Scoring and Automatic Renewal However, his certificate auto-renewal always had problems (his rules kept changing), which was very annoying. Today, I accidentally discovered that Cloudflare also offers free certificates, and for 15 years!! 15 years! 15 years! Basically, I'm worry-free!!!
———————————–The following is the tutorial———————————–
Log in to Cloudflare and go to your domain. Then click the "crypto" option and find the "original certificate" below (as shown in the image).
After clicking, select an encryption method and proceed to the next step. You will then be given two encrypted files. Copy the top one and save it as domain.pem; the bottom one is domain.key. Name them whatever you like, but be careful to save them securely, as they cannot be recovered if lost. If these files are written to or stolen, the website encryption will be compromised.
Next is server configuration. Below is an example of nginx:
Go to nginx.conf and add the following under server (note that it's port 443):
ssl on; ssl_certificate /home/https/hellogwu.pem; ssl_certificate_key /home/https/hellogwu.key;
Then restart.
restart nginx service
This siteOriginal articleAll follow "Attribution-NonCommercial-ShareAlike 4.0 License (CC BY-NC-SA 4.0)Please retain the following annotations when sharing or adapting:
Original author:Jake Tao,source:"Cloudflare Free HTTPS Certificate Creation Tutorial"
Comments list (2 items)
How do I install the two encrypted files after the application into my virtual host? I'm using the virtual host through the CP panel, but the two encrypted files are showing as invalid.
@Onlookers:Which hosting provider are you using? Save the two encrypted files, one as a .pem file and the other as a .key file. Then configure Apache or Nginx to bind these two files.