Until recently we purchased SSL certificates for all our domain names, but with recent changes to Cloudflare and the new LetsEncrypt service it is possible to get SSL for free - and with less effort. Here you’ll learn about our preferred methods for setting up SSL on our sites served by Laravel Forge. The article assumes you already serve your sites through Cloudflare.

We use cloudflare.com for all our sites. Cloudflare serves or proxies your content through their servers, which gives you many advantages, including:

caching static files and providing HTTP/2 and SPDY support thereby speeding up page loads,

protecting your site against several types of attacks,

enables you to update the DNS records for your servers immediately, so you can switch servers instantly (We absolute LOVE this feature),

and the important part for this post: Cloudflare automatically provides a free wildcard SSL certificate for all communication between the client and their servers. (read more features in their docs …)

Securing the communication from Cloudflare to your server

Cloudflare automatically provides a free SSL certificate which provides the security between the client and the Cloudflare servers. However, you should also provide a way for Cloudflare to communicate securely with your server. Luckily, Cloudflare will accept that you set up your own self-signed SSL-certificate on your own server. It doesn’t need to be signed by an external authority.

The Cloudflare SSL-model is shown on the image below (courtesy of cloudflare.com). We are going to set up the Full SSL, which is available in the free subscription. If you subscribe to Cloudflare and use LetsEncrypt for SSL you can choose the Strict-model.