Introduction
SSL certificates are no longer optional for websites — browsers actively warn users when visiting HTTP sites, and search engines penalize non-HTTPS pages in rankings. An SSL certificate encrypts traffic between your visitors and your server, protecting sensitive data and building trust. With an is-pro.dev subdomain, you get free SSL through Cloudflare's edge certificates, which are automatically provisioned and renewed. This guide explains how SSL works and how to ensure every page on your subdomain is served securely.
Prerequisites
- An is-pro.dev subdomain with DNS managed through Cloudflare
- A website or service hosted on your subdomain
- Access to your origin server to configure redirect rules (optional but recommended)
How SSL Certificates Work
SSL (or more accurately, TLS) uses public-key cryptography to establish an encrypted connection between a client (browser) and a server. When a visitor accesses your subdomain over HTTPS, the server presents its SSL certificate, which contains the domain name, the certificate authority (CA) that issued it, and the public key. The browser verifies the certificate against trusted CA roots. If valid, a symmetric session key is exchanged and all subsequent data is encrypted. Cloudflare's Universal SSL certificates are issued by Google Trust Services or Let's Encrypt and cover your subdomain automatically as long as DNS is proxied through Cloudflare (orange cloud enabled).
Step 1: Enable Cloudflare Proxy on Your DNS Records
In the is-pro.dev DNS dashboard, ensure your subdomain's DNS record has the proxy status set to "Proxied" (orange cloud). This routes traffic through Cloudflare's network, where SSL termination occurs. Cloudflare's edge servers present the SSL certificate to visitors, then forward the request to your origin server either over HTTP or HTTPS (depending on your origin configuration). The proxy must be enabled for Cloudflare's Universal SSL to work — DNS-only (gray cloud) records will not receive an edge certificate and your visitors would connect directly to your origin server without Cloudflare's SSL protection.
Step 2: Configure SSL/TLS Encryption Mode
In your Cloudflare dashboard, navigate to "SSL/TLS → Overview". You have four encryption mode options: Off (not recommended), Flexible (encrypts traffic between visitor and Cloudflare only), Full (encrypts traffic end-to-end but allows self-signed origin certificates), and Full (strict) (encrypts end-to-end with a valid CA-signed origin certificate). For most setups with is-pro.dev, Flexible mode is the easiest — Cloudflare terminates SSL at the edge and connects to your origin over HTTP. For maximum security, configure Full (strict) mode by installing a valid certificate on your origin server, such as one from Let's Encrypt.
Step 3: Force HTTPS with Redirect Rules
Even with SSL enabled, visitors might still access your subdomain over HTTP if they type the URL without HTTPS or click old links. In Cloudflare, go to "SSL/TLS → Edge Certificates" and enable "Always Use HTTPS". This redirects all HTTP requests to HTTPS automatically. You can also add a Page Rule for your subdomain: yourname.is-pro.dev/* with the setting "Always Use HTTPS" enabled. For additional security, enable "Automatic HTTPS Rewrites" which converts HTTP URLs in your page's HTML to HTTPS, preventing mixed content warnings.
Step 4: Configure HSTS (HTTP Strict Transport Security)
HSTS tells browsers to always connect to your subdomain over HTTPS, even if the user types HTTP in the address bar. This prevents downgrade attacks and SSL stripping. In Cloudflare, go to "SSL/TLS → Edge Certificates" and enable "HTTP Strict Transport Security (HSTS)". Start with a max-age of 3600 seconds (1 hour) for testing, then increase to 31536000 seconds (1 year) after confirming everything works. Include the includeSubDomains directive if you want all subdomains covered. Enable "Preload" to submit your domain to browser preload lists, giving you protection from the very first visit.
Step 5: Verify SSL Configuration
Use the SSL Checker tool on is-pro.dev to verify your SSL certificate status. It will confirm the certificate issuer, expiration date, and encryption strength. Visit your subdomain in Chrome or Firefox and click the padlock icon in the address bar to view certificate details. Run an SSL Labs test (ssllabs.com) for a comprehensive security assessment of your configuration. Check for common issues like mixed content warnings (HTTP resources loaded on HTTPS pages), expired certificates, and weak cipher suites. A properly configured SSL setup earns an A+ rating on SSL Labs.
Best Practices
- Renew certificates before they expire — Cloudflare does this automatically for edge certificates, but origin certificates need manual renewal or Certbot automation
- Use Full (strict) encryption mode when you control the origin server and can install a valid origin certificate
- Monitor SSL expiration dates using the SSL Checker tool or set up calendar reminders
- Test your site's SSL configuration after any DNS change, as misconfigured records can break certificate validation
Conclusion
SSL configuration for an is-pro.dev subdomain is straightforward thanks to Cloudflare's automatic certificate management. By enabling proxy mode, configuring the right encryption level, and enforcing HTTPS with HSTS, you ensure every visitor connects securely. This protects your users, improves your search engine ranking, and is a prerequisite for many web platform features like service workers and geolocation APIs.
FAQ
Do I need to install anything on my server for Cloudflare SSL to work?
In Flexible mode, no — Cloudflare handles SSL at the edge. For Full (strict) mode, you need a valid certificate on your origin server.
Is the SSL certificate really free and auto-renewing?
Yes, Cloudflare provides Universal SSL certificates for all proxied domains at no cost. They renew automatically with no action needed from you.
Why does my subdomain show a certificate warning?
This typically happens if your DNS record is set to DNS-only (gray cloud) rather than proxied (orange cloud). Check your DNS settings and ensure proxy is enabled.
FAQ
Is Security setup free on is-pro.dev?
Yes, all subdomains on is-pro.dev include free DNS management and SSL certificates.
How long does DNS take to propagate?
Cloudflare typically propagates DNS changes within seconds to a few minutes globally.
Can I use this for commercial projects?
Yes, is-pro.dev subdomains can be used for personal and commercial projects within our fair use policy.