Free Wildcard SSL Using Forge + Cloudflare

• Cloudflare doesnt require any renewal process to ever run on my server. LetsEncrypt renewals must run on my server at least every 3 months and thats just one more thing that sometimes can (and does) go wrong.
  
  
• Cloudflare supports wildcard sub-domains.
  

11-09-2017, 01:02 AM

BGSTAR-TR Wrote:

Securing sites with SSL used to be a headache. However, in the last few years it has become infinitely easier (and cheaper) to secure your site.Forgehas always had support for easily installing SSL certificates, and even offers integration with LetsEncrypt to install free SSL certificates.

However, I personally prefer to useCloudflare, another service that offers free SSL certificates, as well as a variety of other free and paid services that are useful for web developers. I prefer Cloudflare because:

• Cloudflare doesnt require any renewal process to ever run on my server. LetsEncrypt renewals must run on my server at least every 3 months and thats just one more thing that sometimes can (and does) go wrong.
  
  
• Cloudflare supports wildcard sub-domains.
  

Creating TheSite

First, create a site with your desired domain inLaravel Forge:

This will create the proper Nginx configuration needed to serve this site as well as place a standard PHP information page in the sites directory. Once the site has been created, you can install a Git repository:

Once the repository is installed, its time to configure Cloudflare.

Configuring Cloudflare

Of course, before continuing you will need a Cloudflare account and a domain name you want to manage on Cloudflare. In addition to managing your SSL, Cloudflare will also be the place you manage the DNS records for your site, so you will need to point your domains nameserver records to point at Cloudflares nameservers:

Once you have done this, add A records for your domain in Cloudflares DNS manager. The A records should point to your Forge servers IP address. For this example, I am going to add a root A entry as well as an entry for the ?www subdomain:

Once the DNS has been configured, you may enable SSL on the Cloudflares ?Crypto tab. First, lets set the SSL option to ?Flexible:

Once the certificate is active, you should be able to navigate to your domain and see a green lock in your browser indicating the request was secured. Great! Next, lets talk about a few caveats and things you should know.

Configuring Full Encryption

Cloudflares ?flexible SSL mode will get you a green lock in your browser; however, traffic between Cloudflare and your server is still unencrypted. The only encrypted part of the request is the segment between your users browser and Cloudflares servers. In order to encrypt the entire request cycle we can use Cloudflares ?Full encryption mode.

First, click the ?Create Certificate button in the ?Origin Certificates section of Cloudflares ?Crypto tab. The default options on the resulting modal window should be sufficient:

After clicking ?Next, you will be presented two large text blocks: one for the private key and one for the certificate. Copy both of these text blocks and head back over to Forge.

In Forge, we will install this certificate and key using the ?Install Existing Certificate option under the ?SSL tab of Forges site management panel:

Once the certificate is installed and activated in Laravel Forge, you should activate the ?Full SSL mode on Cloudflares ?Crypto tab:

Now your requests are fully encrypted all the way to your server! Origin certificates generated by Cloudflare are valid for 15 years, and may easily be re-issued via the Cloudflare dashboard.