To make all subdomains serve via SSL using Cloudflare, follow these steps:
1. Add Your Domain to Cloudflare
- Log in to your Cloudflare account.
- Add your domain if you haven’t already.
- Update your domain’s nameservers to point to Cloudflare’s nameservers (this may take some time to propagate).
2. Enable SSL on Cloudflare
- Navigate to the SSL/TLS section of your Cloudflare dashboard.
- Select Full (Strict) mode for better security (if your origin server has a valid SSL certificate).
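- Flexible mode is only for origin servers without SSL and is less secure, because traffic between Cloudflare and the origin is not encrypted.
- Full mode encrypts the connection to the origin but accepts a certificate that is not issued by a trusted CA (for example, a self-signed one).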
3. Issue Universal SSL Certificate
- In the SSL/TLS section, go to Edge Certificates.
- Ensure that Always Use HTTPS is enabled.
- Cloudflare will automatically provide a Universal SSL certificate that covers the root domain and wildcard subdomains (e.g., *.yourdomain.com).
4. Configure Subdomain DNS Records
- Go to DNS settings in Cloudflare.
- Add A, CNAME, or other required records for your subdomains.
- Ensure the Proxy Status is set to Proxied (Orange Cloud).
5. Automatic HTTPS Redirect
- In SSL/TLS > Edge Certificates, enable Always Use HTTPS and Automatic HTTPS Rewrites.
6. Optional: Configure Origin SSL Certificate (for Full Strict Mode)
- Navigate to SSL/TLS > Origin Server.
- Click Create Certificate to generate a Cloudflare Origin Certificate.
- Install this certificate on your server to secure the connection between Cloudflare and your server.
7. Test SSL for Subdomains
- Visit your subdomains (https://subdomain.yourdomain.com) to confirm they are served over HTTPS.
- Use SSL Labs Test to verify the security level.
8. Edge Certificate for Wildcard Coverage (Optional)
If you need more specific wildcard SSL coverage, consider Cloudflare’s Advanced Certificate Manager.
- Also note that this free SSL certificate covers single-level subdomains only: it will work for api.mycompany.com but not for api.backend.mycompany.com.
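
The single-level limit follows from how certificate wildcards match: `*` stands for exactly one DNS label. The Python sketch below is an added example, not Cloudflare's code; it sorts a constructed list of hostnames into those covered by the root plus `*.root` names and those that need a certificate with additional names (for instance through Advanced Certificate Manager). The function names and sample hostnames are assumptions.

```python
"""Check which hostnames a root + single-level wildcard certificate covers."""


def wildcard_matches(pattern: str, hostname: str) -> bool:
    """Match one certificate name against a hostname.

    A leading '*' stands for exactly one whole DNS label (the RFC 6125 rule
    that browsers apply), so '*.example.com' matches 'a.example.com' but
    neither 'a.b.example.com' nor the bare 'example.com'.
    """
    p_labels = pattern.lower().rstrip(".").split(".")
    h_labels = hostname.lower().rstrip(".").split(".")
    if len(p_labels) != len(h_labels) or "" in h_labels:
        return False
    if p_labels[0] == "*":
        return p_labels[1:] == h_labels[1:]
    return p_labels == h_labels


def universal_names(zone: str) -> list[str]:
    """Names the page says Universal SSL covers: the root and its wildcard."""
    zone = zone.lower().rstrip(".")
    return [zone, f"*.{zone}"]


def classify(zone: str, hostnames: list[str]) -> dict[str, list[str]]:
    """Split hostnames into covered / needs_other_cert / outside_zone."""
    zone = zone.lower().rstrip(".")
    names = universal_names(zone)
    result = {"covered": [], "needs_other_cert": [], "outside_zone": []}
    for host in hostnames:
        h = host.lower().rstrip(".")
        if h != zone and not h.endswith("." + zone):
            result["outside_zone"].append(host)      # not part of this zone
        elif any(wildcard_matches(n, h) for n in names):
            result["covered"].append(host)
        else:
            result["needs_other_cert"].append(host)  # deeper than one label
    return result


# Constructed sample list, reusing the hostnames from the note above.
SAMPLE = ["mycompany.com", "api.mycompany.com", "api.backend.mycompany.com",
          "WWW.mycompany.com.", "notmycompany.com"]

if __name__ == "__main__":
    for bucket, hosts in classify("mycompany.com", SAMPLE).items():
        print(f"{bucket}: {hosts}")
```

Feeding it the hostnames from your DNS records before switching on Always Use HTTPS shows which proxied names would fail certificate validation.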