Having a wildcard SSL (signed by CA) with Cloudflare free plan


#1

Hello,
Some things are not clear to me.

First of all, I need to use Cloudflare through DH. I can't sign up from Cloudflare.
So is it possible to have a wildcard SSL that's signed by a CA with a free Cloudflare signup through DH? Or must I sign up with the Cloudflare Plus plan to have SSL?
Also, I intend to have an application in which my users will create subdomain names as they want, so when I install the wildcard SSL, will those newly created subdomains also have valid SSL? Or do I have to enable SSL for all the subdomains manually?

Sorry for such questions, but many things in the DH wiki are confusing.


#2

CloudFlare provides wildcard SSL for free - you do not need to pay for it. The partner program that allows hosting companies like DreamHost to integrate CloudFlare doesn’t support Universal SSL. To get the Universal SSL for free, you would need to do the following:

  1. In DreamHost Panel, disable CloudFlare on your domain/sub-domains
  2. Sign up for an account over at CloudFlare.com
  3. Follow the instructions on adding your site
  4. Visit the DNS section of your domain and make sure all the records are added to CloudFlare as they’re not always able to detect all of them. Each sub-domain you want running through CloudFlare with Universal SSL MUST have the orange cloud enabled next to the DNS entry. You’ll know what I’m referring to once you get to this page.
  5. Change the nameservers for your domain to the ones provided by CloudFlare

You may have to wait up to 48 hours for your nameserver change to propagate. CloudFlare usually generates the free certificates within 24 hours. Please be advised that this setup comes with a lot of overhead that you need to be aware of before considering it:

  1. Whenever you create a new sub-domain in DreamHost, you must get the IP address for that sub-domain and then add that entry into your CloudFlare.com account in the DNS section and then enable the orange cloud. Sometimes it can take a few hours for DNS to propagate.
  2. While extremely rare, your domain’s or sub-domain’s IP address may change at any time without notice. When this happens you would need to obtain the new IP address from DreamHost and then change the entries in your cloudflare.com account.
  3. To ensure compatibility with all types of sites and content management systems, you need to enable secure hosting for your domain and each sub-domain in your DreamHost panel using a FREE self-signed certificate. You then need to go to the “crypto” section in your cloudflare.com account and ensure that SSL is set to “Full”; don’t use “Strict”!

As you can imagine, this type of setup is a little difficult to manage, but CloudFlare provides superior DNS performance and reliability, so it may be in your favour to get used to this little process. Please only do this if you understand what you need to do and are comfortable doing it. DreamHost may not be able to help you if you try this and you’re not able to get things working properly.


#3

Thank you for your nice long reply, but maybe you didn't understand what I am trying to achieve.

The main reason to choose DreamHost is to get the benefit of Railgun, which is possible only by signing up with Cloudflare through the DreamHost panel, not from Cloudflare.

Second, like I said, I need to add subdomains somehow from the script, because the application I intend to use will create a new subdomain for each newly registered user. So I can't do that manually…

Did you get what I'm trying to say?

Thanks again for paying attention to my post.


#4

My apologies, I did understand your message; I simply forgot to include the part where DreamHost doesn’t allow you to add or remove domains or sub-domains using an API or script - it must be done manually. The instructions I gave you are the only way to achieve the SSL part of what you want, minus automation and Railgun.

As an addition to my instructions, I believe you can request a wildcard virtual host if you have a VPS, which would remove the need to perform any manual tasks in the DreamHost panel, but you would still need a separate script for CloudFlare’s API to add each domain. The CloudFlare SSL certificate is a wildcard certificate; however, you cannot add a wildcard domain to CloudFlare and use their CDN or SSL - you would still need to manually (or using CloudFlare’s API) add each sub-domain and enable “CloudFlare” on each of them.
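
The per-user sub-domain script mentioned in #4, sketched as an added example that is not part of the thread or any poster's code: it validates a user-chosen label before building the Cloudflare v4 `dns_records` request that creates a proxied ("orange cloud") A record. The zone id, token, base domain, origin IP and the reserved-label list are constructed placeholders, and blocking `xn--` labels is an assumed policy choice.

```python
import json
import re
import urllib.request

API_BASE = "https://api.cloudflare.com/client/v4"
# Constructed list of labels users must never claim (assumption; adjust per site).
RESERVED = {"www", "mail", "admin", "api", "ftp", "ns1", "ns2"}
# One DNS label: letters, digits, hyphen; no leading/trailing hyphen; max 63 chars.
LABEL_RE = re.compile(r"[a-z0-9](?:[a-z0-9-]{0,61}[a-z0-9])?")


def validate_label(label):
    """Return the normalised label, or raise ValueError for unsafe input."""
    label = label.strip().lower()
    if not LABEL_RE.fullmatch(label):
        raise ValueError("not a single valid DNS label: %r" % label)
    if label in RESERVED or label.startswith("xn--"):
        raise ValueError("label not allowed: %r" % label)
    return label


def build_record_request(zone_id, token, base_domain, user_label, origin_ip):
    """Build (but do not send) the request that creates a proxied A record."""
    label = validate_label(user_label)
    body = {
        "type": "A",
        "name": "%s.%s" % (label, base_domain),
        "content": origin_ip,
        "ttl": 1,          # 1 means "automatic" in the Cloudflare API
        "proxied": True,   # traffic goes through Cloudflare (orange cloud)
    }
    return urllib.request.Request(
        "%s/zones/%s/dns_records" % (API_BASE, zone_id),
        data=json.dumps(body).encode(),
        headers={"Authorization": "Bearer " + token,
                 "Content-Type": "application/json"},
        method="POST",
    )


def create_record(req):
    """Send the prepared request and return the parsed API response."""
    with urllib.request.urlopen(req, timeout=10) as resp:
        return json.load(resp)
```

Use an API token scoped to DNS edit on the single zone, so a flaw in the signup application cannot touch other zones or account settings.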