You may have heard that Cloudflare provides a free SSL Certificates for websites that use their CDN (Content Delivery Network) service.
Before you decide to use Cloudflare CDN as a source of free SSL certificates here is what you should know about using their service.
Cloudflare CDN is a technical service requiring correct configuration
Cloudflare CDN SSL certificates can only be used to encrypt the channel between the web browser and Cloudflare CDN cache servers, if you use the CDN's Caching service.
The CDN's Caching service reduces load on your web server for static website resources such as images, JavaScript, videos, and static HTML page files.
This Caching service has technical settings including filters which need to be correctly configured so that any dynamic pages on your website serve correctly. Misconfiguration can also affect your website SEO negatively. Sometimes just using Cloudflare may affect your SEO negatively based on luck.
Additionally, Cloudflare's Free plan only offers basic and limited settings.
Cloudflare CDN free SSL only creates an end-to-end secure channel if you have already setup a SSL Certificate!
To put the above image in words, if your origin web server where your website is hosted…
- has either a valid certificate from a Certificate Authority, use either the Full or Full (strict) SSL option
- has self-signed SSL certificates, use the Full SSL option. (not recommended for most websites)
- lacks any installed SSL certificate, utilize the Flexible SSL option. (recommended only for personal/non-commercial websites)
Cloudflare’s free SSL in Full or Full (Strict) mode are the only options to properly secure the connection between the client & your server. However, this is only possible if you have already setup your own SSL certificate for the website on your origin web server!
Cloudflare also provides free SSL certificates for your website or origin web server, but they are meant to be used by Cloudflare CDN servers connecting to your web server, and will not work in web browsers.
Cloudflare SSL Certificates may not be good for business reputation
When anyone checks the SSL certificate details, they will not see your website listed. The SSL certificate is issued in the name of Cloudflare and not your website. This is bad for business reputation if it is a commercial website.
Additionally, if you decide to stop using Cloudflare CDN you cannot use the certificates with any other web hosting or CDN service.
Is there a better alternative for free SSL certificates?
You can get free SSL certificates from Let's Encrypt. However, it only makes sense if you have a way of automating the certificate issuance before the 90-day validity expiry.
In most cases it is best to go with paid certificates since they are very affordably priced and offer longer validity, verifiable site seal, and warranty to showcase and increase customer trust.
Credits: Images with Cloudflare logos are from the official website and reflect official service descriptions.