Cloudflare offers several options to enable SSL within the panel. This article is an overview of how to enable SSL for a Cloudflare-enabled domain.
When setting up Secure Hosting with your Cloudflare account, you’ll notice a few different available options. The following sections detail these options.
Selecting a Cloudflare plan
- The first step to setting up SSL on your domain using Cloudflare is to add a Cloudflare plan to the domain. Both FREE and Plus plans work with an SSL certificate.
- It’s also currently not possible to add Cloudflare to a dreamhosters.com subdomain.
- Go to the (Panel > ‘Domains’ > ‘Manage Domains’) page.
- Do one of the following:
- If you have not added your domain on the panel yet, click the Add Hosting to a Domain / Sub-Domain button near the top of the page.
- If you've already added your domain on the panel, click the Edit button under the 'Web Hosting' column to the right of your domain.
- Confirm that the 'Enable Cloudflare on this domain' checkbox is checked.
- Two drop-down lists, 'Cloudflare Account' and 'Cloudflare Subscription' appear beneath the checkbox once this option is selected.
- Select either the FREE or Cloudflare Plus option from the "Cloudflare Subscription" drop-down.
- If you are adding a new domain, scroll down and click the Fully host this domain button.
- If you're editing an existing domain, scroll down and click the Change Settings button.
SSL options in the Cloudflare panel
Once you create a Cloudflare plan, use your newly-created login credentials to log in to the Cloudflare panel:
- Go to https://www.cloudflare.com/login and log in.
- On the overview page, your domains are listed along with what type of plan you're using:
- Click your domain to alter its settings.
- If you've enabled the paid Cloudflare plan in the DreamHost panel, 'Flexible SSL' is selected by default:
- Click the Crypto button at the top to adjust the security settings.
- Select an SSL option from the dropdown to the right of the SSL section:
- Flexible SSL
- Full SSL
- Full SSL (Strict)
An explanation of the plans is mentioned below, but you can also view further information by visiting the Cloudflare support page.
- means that visitors to your site will be able to connect using https, but the connection between DreamHost and Cloudflare is not encrypted.
- is the default setting for your domain when you add a FREE Cloudflare plan to your domain without an SSL certificate.
- is NOT recommended if you have any sensitive information on your website.
- View Cloudflare's blog post about this Universal SSL option.
It's possible you may see an infinite redirect loop on your site when enabling 'Flexible SSL'. View the following page for details on what may be the cause of this error:
Full SSL and Full SSL (Strict)
Full SSL means that the connection between DreamHost and Cloudflare is encrypted.
- Your visitors will see HTTPS and a secure padlock in their browser.
- You must have a self-signed, professionally-signed certificate, or 'Let's Encrypt' certificate installed to use the Full SSL service.
- View Secure Hosting for information on how to create an SSL certificate with DreamHost.
To set up Full SSL:
- Complete the steps described in Selecting a Cloudflare Plan described above.
- Confirm that Secure Hosting is added to your domain.
- Use the Cloudflare dashboard to enable Full SSL (or Full SSL Strict) on your domain.
Only a professionally-signed or 'Let's Encrypt' certificate will work with Cloudflare’s Full SSL (Strict) setup.