Cloudflare origin CA free SSL installation guide on Godaddy

Cloudflare origin certificate guide on godaddy

Edit 10/07/2019: We highly recommed not to use Godaddy for any serious website! We may write an article detailing why in the future.

Step by step guide to installing a SSL origin certificate on Godaddy using cPanel

The aim of this post is to quickly go through the setup process to get you started as fast as possible rather than an in-depth article. Let’s set up a free full(strict) SSL certificate provided by Cloudflare on a shared hosting plan from Godaddy.

This guide lists each step to follow in order to encrypt the connection between your website visitors and CloudFlare AND from CloudFlare to your server using the free Cloudflare plan. We will explain why your site should be using an SSL certificate and how to set it up on both Cloudflare and Godaddy.

Why should you use SSL?

Cloudflare briefly and simply explains this: “Use SSL in order to encrypt data, like credit card numbers, and other sensitive information while in transit to and from your website. SSL encryption ensures that communication between your visitor and website is confidential.

Additional benefits of SSL:

  • Visitors have a way to verify that they are on your website and not that of an impostor
  • Visitors can verify that your website’s content has not been modified in transit
  • Your website’s search engine ranking may be improved”

Setting up Cloudflare origin CA certificate

You should already have setup Cloudflare but if this is not the case, you can signup and follow the provided instructions.

    • Go to the “crypto” page
    • Click on “create certificate” button located in the “origin certificate” box

Origin CA create certificate step 3

    • Select “Let Cloudflare generate a private key and a CSR”
    • Enter your domain(s) and click NEXT. Note that you can add any other domains e.g. abc.com, def.com, etc

Origin CA installation step 1

    • On the next screen, keep the default PEM key format

Cloudflare CRT PEM key creation

  • Copy both your origin certificate and private key
  • Click OK

For more details regarding the creation of the certificate, you can follow this guide by CloudFlare.

You should now be all set but do not yet turn the SSL to full (strict) mode as we need to install the certificate on Godaddy first.

Installing SSL on Godaddy using the cPanel

This is very easy as there is an SSL section in the cPanel which allows the creation or upload of the certificate and private key. It’s also where we will be installing the certificate.

    • In the cPanel, click on SSL/TLS

Godaddy Cpanel Security area

    • Go to the “Private Key (KEY)” page and UPLOAD the key you generated earlier

Godaddy-upload-private-SSL-key

    • Follow the same step for the “certificate (CRT)”
    • Click on “manage SSL sites”
    • Keep all options as they are and select your domain
    • A new “autofill by domain” button should appear. Click on it

Godaddy install SSL on Cpanel

  • Your key and certificate should now be visible, only the last input should be empty (CABUNDLE). If you try to install the origin CA at this point, you may get an error similar to this: “cloudflare ca bundle certificate authority bundle cloudflare the system did not find the certificate authority bundle that matches this certificate
  • If you get an error, enter the Cloudflare origin CA RS root provided below (source)
  • Click the “Install certificate” button

CloudFlare Origin CA — RSA Root

-----BEGIN CERTIFICATE-----
MIID/DCCAuagAwIBAgIID+rOSdTGfGcwCwYJKoZIhvcNAQELMIGLMQswCQYDVQQG
EwJVUzEZMBcGA1UEChMQQ2xvdWRGbGFyZSwgSW5jLjE0MDIGA1UECxMrQ2xvdWRG
bGFyZSBPcmlnaW4gU1NMIENlcnRpZmljYXRlIEF1dGhvcml0eTEWMBQGA1UEBxMN
U2FuIEZyYW5jaXNjbzETMBEGA1UECBMKQ2FsaWZvcm5pYTAeFw0xNDExMTMyMDM4
NTBaFw0xOTExMTQwMTQzNTBaMIGLMQswCQYDVQQGEwJVUzEZMBcGA1UEChMQQ2xv
dWRGbGFyZSwgSW5jLjE0MDIGA1UECxMrQ2xvdWRGbGFyZSBPcmlnaW4gU1NMIENl
cnRpZmljYXRlIEF1dGhvcml0eTEWMBQGA1UEBxMNU2FuIEZyYW5jaXNjbzETMBEG
A1UECBMKQ2FsaWZvcm5pYTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEB
AMBIlWf1KEKR5hbB75OYrAcUXobpD/AxvSYRXr91mbRu+lqE7YbyyRUShQh15lem
ef+umeEtPZoLFLhcLyczJxOhI+siLGDQm/a/UDkWvAXYa5DZ+pHU5ct5nZ8pGzqJ
p8G1Hy5RMVYDXZT9F6EaHjMG0OOffH6Ih25TtgfyyrjXycwDH0u6GXt+G/rywcqz
/9W4Aki3XNQMUHNQAtBLEEIYHMkyTYJxuL2tXO6ID5cCsoWw8meHufTeZW2DyUpl
yP3AHt4149RQSyWZMJ6AyntL9d8Xhfpxd9rJkh9Kge2iV9rQTFuE1rRT5s7OSJcK
xUsklgHcGHYMcNfNMilNHb8CAwEAAaNmMGQwDgYDVR0PAQH/BAQDAgAGMBIGA1Ud
EwEB/wQIMAYBAf8CAQIwHQYDVR0OBBYEFCToU1ddfDRAh6nrlNu64RZ4/CmkMB8G
A1UdIwQYMBaAFCToU1ddfDRAh6nrlNu64RZ4/CmkMAsGCSqGSIb3DQEBCwOCAQEA
cQDBVAoRrhhsGegsSFsv1w8v27zzHKaJNv6ffLGIRvXK8VKKK0gKXh2zQtN9SnaD
gYNe7Pr4C3I8ooYKRJJWLsmEHdGdnYYmj0OJfGrfQf6MLIc/11bQhLepZTxdhFYh
QGgDl6gRmb8aDwk7Q92BPvek5nMzaWlP82ixavvYI+okoSY8pwdcVKobx6rWzMWz
ZEC9M6H3F0dDYE23XcCFIdgNSAmmGyXPBstOe0aAJXwJTxOEPn36VWr0PKIQJy5Y
4o1wpMpqCOIwWc8J9REV/REzN6Z1LXImdUgXIXOwrz56gKUJzPejtBQyIGj0mveX
Fu6q54beR89jDc+oABmOgg==
-----END CERTIFICATE-----

The very last step! Turn your SSL ON on Cloudflare

cloudflare SSL option drop down

You should now be ready to use the full(strict) SSL on your website. Go back to the CRYPTO page on Cloudflare and select “full (strict)”.

Make sure that your website works by loading it using https.
Edit:As mentioned in the comment section, you should make sure that your website uses ‘https://’ URLs so you may want to add redirects rules and check that all content is loaded from secure URLs.

Feel free to let me know if you have any questions or would like to add anything to this post. I hope it was as quickly and easy to follow as possible. Cheers!

Wanna try Digital Ocean’s services instead? Gets USD$100 in credit over 60 days here

Do you need help installing your SSL certificate? See our web maintenance service here

    Contact Us

    Your Name (required)

    Your Email (required)

    Max Budget (HKD)

    How did you hear about us?

    Project requirement document

    Your Message

    Please note: In order to speed up our response, please do provide as much information as possible with a link to any available supporting documents such as project description. Due to high demand, we may not be able to reply to vague requests