How to add HTTPS to your website for free!
Google’s Chrome Browser lists all unencrypted sites as explicitly “not secure”. The change applies equally to all HTTP sites, which display a “Not Secure” image in the address bar. HTTPS-enabled sites are unaffected. This is the strongest nudge yet to drive the web towards encryption by default and has been a long time coming.
Although there is a ton of evidence that speaks to why everyone should hop on the HTTPS bandwagon, a lot of people still don’t see the value in serving their sites securely.
Why you need HTTPS?
- HTTPS protects users against Man In the Middle attacks.
- HTTPS is required to leverage many new features in browsers such as Service Workers
- HTTPS impacts SEO
To prevent users from seeing this warning on your website, all you need to get a valid SSL certificate.
To secure the website we will use CloudFlare. CloudFlare can help you secure an SSL certificate for free regardless of what server-side infrastructure you have. It also works for sites that are hosted on platforms that do not provide server access such as GitHub Pages, Ghost, and the likes.
How Cloudflare works?
Cloudflare sits right in the middle of traffic between visitors to your website and your server. Visitors could be regular humans, crawlers and bots (such as search engine bots) or hackers. By acting as an intermediary between your web server and visitors to your site, Cloudflare helps to filter out all illegitimate traffic so that only the good stuff goes through.
1. After sign up at CloudFlare, add a domain and scan the DNS records
Once the scan is completed, all the DNS records on the domain will be displayed. You can choose the sub-domains you want to enable Cloudflare on and make any desired modifications. Once you’re ready, click Continue to go to the next step.
Select the free plan and click Continue.
Next, you’ll need to change the nameservers on your domain registrar to the Cloudflare provided ones. The process for doing this on each domain registrar is slightly different, so do check with your domain registrar.
Now you must wait for the nameserver changes to finish propagating. Click on Recheck Nameservers after a while to see if your site is now active on Cloudflare.
This is the longest part of the setup and could take up to 24 hours, but in my experience, it took less than 5 minutes. Once your nameserver updates have been validated by Cloudflare, your site becomes active on the service.
Getting SSL for free
SSL is still a premium service and many Certificate Authorities charge significant amounts before issuing an SSL certificate. It’s not something you can just get for free everywhere, but that’s changing rapidly in the industry.
Now that you’ve got Cloudflare sitting in the middle of your web traffic, you should get SSL on your domain automatically. It can take up to 24 hours for the certificate to become active, but in my experience, it doesn’t take long at all. Once the certificate becomes active, load up your site in a browser. You should see the site served over HTTPS and a nice green padlock in the address bar.
If you view more information about the cert you will see the Certificate Authority that issued it and the expire date. One of the great things about Cloudflare is that certificate renewal is done automatically for you so no worries there.