Deployment 10 min read Beginner Guide

SSL Certificate Setup: Free HTTPS Guide

Set up free SSL certificates for your is-pro.dev subdomain. Cloudflare SSL, Let's Encrypt, automatic provisioning, and troubleshooting HTTPS issues.

Written by Mayank Baswal

Founder of is-cool-me · DNS & Platform Infrastructure

Mayank Baswal maintains the is-cool-me platform and writes technical guides focused on DNS configuration, subdomain infrastructure, SSL troubleshooting, deployment workflows, and platform reliability.

GitHub Profile Contact
Reviewed by is-cool-me Technical Review

SSL Certificate Setup: Free HTTPS Guide

HTTPS is no longer optional — it is essential for security, SEO, and user trust. Every website should serve content over an encrypted connection. With is-pro.dev, you get free SSL certificates through Cloudflare, and you can combine them with Let's Encrypt for additional flexibility. This guide covers all the ways to set up SSL for your subdomain.

Why SSL Matters

SSL (Secure Sockets Layer) encrypts data between your visitors and your website. Without it, anyone on the same network can intercept sensitive information. Beyond security, HTTPS improves your Google search ranking, enables HTTP/2 for faster loading, and is required for many browser features like service workers and geolocation APIs. Modern browsers mark HTTP sites as "Not Secure," which discourages visitors.

How SSL Works on is-pro.dev

is-pro.dev uses Cloudflare for DNS, which means you have two SSL options:

Cloudflare's Edge Certificate (free): Cloudflare provides a shared SSL certificate that covers all proxied domains. When your DNS record has the orange cloud enabled, Cloudflare terminates the SSL connection at its edge and connects to your origin server over a separate connection. This certificate is automatically issued and renewed — no action needed.

Origin Certificate (free): If you need end-to-end encryption, Cloudflare also provides a 15-year origin certificate that you install on your server. This works with Full (Strict) SSL mode.

Setting Up Cloudflare SSL

When you register your is-pro.dev subdomain, SSL is automatically available if your DNS record is proxied through Cloudflare (orange cloud). To verify:

  • Go to your DNS settings and ensure the orange cloud is enabled for your subdomain
  • Visit your domain with https:// in the browser
  • Click the padlock icon to view the certificate details

    • The certificate will show Cloudflare as the issuer and your subdomain as the subject. It is valid for all is-pro.dev subdomains.

    Let's Encrypt Certificates

    If you prefer to use your own certificate or need DNS-only mode (gray cloud), Let's Encrypt provides free, 90-day certificates that auto-renew:

    Using Certbot:

    ``bash

    sudo apt install certbot

    sudo certbot certonly --manual --preferred-challenges dns -d your-subdomain.is-pro.dev

    `

    Using acme.sh:

    `bash

    curl https://get.acme.sh | sh

    acme.sh --issue --dns dns_cf -d your-subdomain.is-pro.dev

    `

    Using Caddy: Caddy automatically provisions and renews Let's Encrypt certificates for all configured domains with zero configuration.

    Configuring SSL on Your Server

    Nginx:

    `nginx

    server {

    listen 443 ssl;

    server_name your-subdomain.is-pro.dev;

    ssl_certificate /path/to/cert.pem;

    ssl_certificate_key /path/to/key.pem;

    location / {

    proxy_pass http://localhost:3000;

    }

    }

    `

    Node.js (Express):

    `javascript

    const https = require('https');

    const fs = require('fs');

    https.createServer({

    cert: fs.readFileSync('/path/to/cert.pem'),

    key: fs.readFileSync('/path/to/key.pem')

    }, app).listen(443);

    `

    SSL Best Practices

    Use Full (Strict) mode in Cloudflare SSL/TLS settings. This ensures both visitor-to-Cloudflare and Cloudflare-to-origin connections are encrypted with valid certificates.

    Set up HSTS (HTTP Strict Transport Security) to tell browsers to always use HTTPS:

    `

    Strict-Transport-Security: max-age=31536000; includeSubDomains; preload

    `

    Redirect HTTP to HTTPS to ensure all traffic uses encryption:

    `nginx

    server {

    listen 80;

    server_name your-subdomain.is-pro.dev;

    return 301 https://$server_name$request_uri;

    }

    `

    Enable OCSP Stapling to improve TLS handshake performance:

    `nginx

    ssl_stapling on;

    ssl_stapling_verify on;

    `

    Troubleshooting SSL Issues

    Certificate not valid error: Ensure your system clock is correct and the certificate is not expired. For Let's Encrypt, certificates expire every 90 days.

    Mixed content warnings: Your page loads over HTTPS but includes HTTP resources (images, scripts, stylesheets). Update all resource URLs to use HTTPS or protocol-relative URLs.

    SSL handshake failed: This usually indicates a server-side configuration issue. Check that your server is listening on port 443 and the certificate files are accessible.

    ERR_SSL_PROTOCOL_ERROR: Your server may not be configured to speak SSL. Ensure the SSL module is enabled (Nginx: ssl directive, Apache: mod_ssl.so`).

    FAQ

    Q: Are Cloudflare SSL certificates free?

    A: Yes, Cloudflare provides free shared SSL certificates for all proxied domains on all plans.

    Q: How often do certificates renew?

    A: Cloudflare certificates renew automatically. Let's Encrypt certificates are valid for 90 days and auto-renew with tools like Certbot.

    Q: Can I use my own custom certificate?

    A: Yes. Cloudflare supports uploading custom certificates in the SSL/TLS section of the dashboard.

    Conclusion

    SSL certificates for your is-pro.dev subdomain are free and easy to set up. Cloudflare provides automatic SSL for proxied domains, and Let's Encrypt offers an alternative for custom setups. Whichever method you choose, encrypting your traffic protects your users and improves your site's credibility.