Use Cloudfare for free SSL on any site


If you’re looking for a cheap way to enable HTTPS (SSL/TLS) on your site, have a look at Cloudfare. By registering your site with them, you get SSL out of the box, for free.

Additionally, if you want to take it a step further, Cloudfare offers many services you can enable, all of which can make your site faster or more secure. You can enable caching, minifying, custom DNS, page rules, image optimization and more.

Setting up SSL

To quickly get your site running with SSL, just follow these steps:

1) Make an account at Cloudfare if you don’t already have one. I chose the free plan which comes with SSL security.

2) Add your site to your account. For Cloudfare to work, it needs to manage your DNS records. On the dashboard, just add your site and Cloudfare will automatically scan it for existing DNS records. Most of the time the default scan results is all you’ll need. If they don’t work, make sure they match the ones on your domain registrars website.

3) Go to your domain registrars website and switch to the Domain Name Servers that Cloudfare provided you with.

That’s it! Give everything some time (usually under an hour but sometimes up to 24 hours) to propagate around and you’ll soon be running HTTPS.


On your Cloudfare dashboard, take a look at the Crypto page for some additional options. For example:

  • Always use HTTPS - redirects all HTTP requests to HTTPS.
  • Require Modern TLS - Only uses modern TLS versions, limited to newer browsers (if you haven’t updated your browser, well… I don’t know, why are you here?).

Wrap up

Of course, there are some other free alternatives too. Specifically, Let’s Encrypt which is a free certificate authority. In this scenario you either need to be hosting your site yourself, or your registrar needs to allow you to upload your own certificate.

In my case, my blog is hosted statically on GitHub Pages with a custom domain configured (GitHub doesn’t yet support enabling SSL for custom domains) and my domain is registered with Google Domains (which also doesn’t have any support for configuring SSL yet). This makes the Cloudfare service perfect for my scenario.