#1 2016-05-15 07:18:28

Trusted Member
From: Glorious 'Straylia
Registered: 2016-05-15
Posts: 28

How to setup SSL for your LES webserver (Cloudflare SSL)

Last time I tried to write this, the website went down when I tried to preview it *sigh*. Let's give it another shot.
This tutorial will teach you how to setup SSL on your LES vps. It is worth noting that this is not the same as installing a SSL certificate a webserver directly. The connection between the server and the end user, whilst being more protected than a setup without any encryption, will not beat a proper SSL setup.
This diagram should explain what I'm talking about:

If that doesn't bother you, read on. If it does bother you, I would suggest renting a VPS with a dedicated IPv4 address.

Now into the nitty-gritty.

• A working webserver (see this tutorial (it's brilliant).
• A domain name linked to your server (see this thread for more information)
• The ability to change you domain's nameservers. All paid domain registrars offer this, however, if you have some form of a free domain, you may not be able to.

The first thing you need to do is register for a cloudflare account here. After signing up, be sure to activate you account using the email sent to you.
Next you will need to add a site to cloudflare. This will come up automatically after signing up, and will look like this:
Obviously, you'll need to enter your domain name into the box, and click "begin scan". After their (annoying) video finishes playing, you'll be able to proceed to the next page, where you'll be shown you current DNS records. CHECK THESE OVER CAREFULLY, especially if you have other websites running from the same domain. Before you hit submit, TURN OFF CLOUDFLARE on all dns records for the time being (this means make sure all the little clouds are grey tongue). This can save allot of time later on.

The final thing you'll be asked to do is update your nameservers. What you have to do here varies. If you're using GoDaddy, the instruction are as follows (these can be adapted to many domain registrars' sites).

Navigate to [img=https://godaddy.com]goddady's website[/img] and login. Once logged in, return to the homepage.
Click your name in the top right, and then select "manage my domains" (please excuse the shoddy snipping tool skills).
Select the view style with the horizontal lines, as shown here:
This makes it easier for you to do more advanced things with your domain name, and stops godaddy from trying to sell you their crappy webhosting.
Click on the domain name your modifying.
Scroll down the page until you find where it reads "nameservers", and click manage.
Select "use custom name servers" and enter the ones provided by cloudflare. You can now change back to the cloudflare tab and click finish.
Your website will now show up as pending. Click the button that says "recheck nameservers" to queue your domain for a nameserver check (this should only take a few moments).
Once your domain name's status has change from "Pending" to "Active", we'll need to change a few settings in cloudflare before we give them more control over our website.
In the top navbar, select "crypto". Change the SSL setting to "flexible" if it's not already selected.
Optional: Navigate to the "Network" tab and enable the "IPv6 Gateway". This is handy is you ever want to do IPv6 work with your website, as it will allow IPv4 clients to connect.
Temporarily, we're going to need to enable cloudflare on your base domain (for example, if you LES webserver is running on example.test.com, you'll need to enable cloudflare on the test.com). The reason behind this is to allow cloudflare to issue the SSL certificate.
To do this, navigate to the "DNS" tab on the navbar, and click the cloud icon next to your base domain.
Now it's just a waiting game as to how long it will take cloudflare to issue your certificate (It took me about 10 minutes, although it can take up to 24 hours).
Once your certificate has been issued (you can check this in the "Crypto" tab we visited earlier), you can disable cloudflare on your base domain (if it's not the domain you're running your LES webserver on). Alternatively, leave cloudflare on and enjoy all the benefits it brings across all your domains. If your using a subdomain for your LES webserver, enable cloudflare on it. It may take a few moments, but your website should now be accessible via HTTPS!
Optional: Add a page rule to force your subdomain to use https. To do this, navigate to the "Page Rules" tab, and click "Create Rule". Enter the domain you're running your LES webserver on, and click "Add a setting". Select "Always use HTTPS", then hit "Save and Deploy".

And that's it! Post in the comments if you're having any issues and i'll try and help you out.
Also, please post any suggestions you have on how I can improve my tutorials big_smile
- Dextronox

Last edited by Dextronox (2016-11-05 09:24:48)


#2 2016-05-15 20:05:23

Moderator and your buddy
From: India
Registered: 2015-06-05
Posts: 602

Re: How to setup SSL for your LES webserver (Cloudflare SSL)

Good one i will check and report any errors within the tutorial

Good job and Thank you for spending your time to do this its much appreciated.

This has more friendly tone than your actual introduction

Welcome to LES forums smile

Just trying my best to help. ♥ |
“Remember to always be yourself. Unless you suck.” -Joss Whedon“Do what you can, with what you have, where you are.”-Theodore Roosevelt


#3 2016-05-15 22:43:29

Trusted Member
From: Glorious 'Straylia
Registered: 2016-05-15
Posts: 28

Re: How to setup SSL for your LES webserver (Cloudflare SSL)

Yeah, might be a good idea to change that introduction message. Now that I re-read it, it does come off a bit strong tongue
And thanks for taking the time to check my tutorial over!


#4 2016-09-22 20:11:00

Trusted Member
Registered: 2014-09-01
Posts: 8

Re: How to setup SSL for your LES webserver (Cloudflare SSL)

You know you can set SSL to full, create a self signed certificate and then you have SSL all the way through. Setting SSL to full means Cloudflare will ignore the self-signed part, if you have a legit certificate from letsencrypt then set it to Full (Strict).


#5 2016-11-05 09:22:43

Trusted Member
From: Glorious 'Straylia
Registered: 2016-05-15
Posts: 28

Re: How to setup SSL for your LES webserver (Cloudflare SSL)

If my understanding of how cloudflare ssl works is correct (and by all means, correct me if i'm wrong), for "full" ssl authentication to work, you have to accept port 443 connections on your webserver. This isn't possible on a NAT vps (with the exception being GestionDBI's services, as they now offer HTTPS proxying).

Last edited by Dextronox (2016-11-05 09:23:08)


Board footer

Powered by FluxBB