If I Use the Universal Cloudflare SSL Certificate, Do I Still Need 301 Redirects from HTTP to HTTPS?

[Crystall]

Hi all, I have a newbie question regarding Cloudflare and their free SSL. I don't have SSL on my existing sites and wish to go the encryption route seeing the latest Semrush study and what I know was coming down the road. For my existing sites if I use the free Universal CloudFLare SSL certificate do I still 301 my pages/images (http->https) etc? Sorry if this is question is a little silly but since it's free I just want to double-check before I make any permanent changes. I am aware of fluctuation in rankings afterward ( it's a risk I may have to take). Also, what is your experience of the free SSL from Cloudflare for those who are using it? Would you recommend it?

 

[Robin]

Hi all, I have a newbie question regarding Cloudflare and their free SSL. I don't have SSL on my existing sites and wish to go the encryption route seeing the latest Semrush study and what I know was coming down the road. For my existing sites if I use the free Universal CloudFLare SSL certificate do I still 301 my pages/images (http->https) etc? Sorry if this is question is a little silly but since it's free I just want to double-check before I make any permanent changes. I am aware of fluctuation in rankings afterward ( it's a risk I may have to take). Also, what is your experience of the free SSL from Cloudflare for those who are using it? Would you recommend it?

Yes, you need to set up a 301 redirect (HTTP>HTTPS) - either through CloudFlare or e.g. .htaccess

I use it on several websites to mix it on - it's especially very useful if e.g. Let's Encrypt is not provided by the web hosting provider.
Very easy and free way to get a website running HTTPS.

I use the following plugins: https://wordpress.org/plugins/cloudflare-flexible-ssl/

You can follow this guide: https://jonnyjordan.com/blog/how-to-setup-cloudflare-flexible-ssl-for-wordpress/
I would recommend settings it up/testing on a test website (non-important) at first, as it very easy to get a redirect loop - just to get a feel of the process.
However, I would never use a "WordPress SSL plugin" which changes your resources to use HTTPS (as they mention in the guide) - it's a bit of an important/risky thing to rely on a plugin on.
Instead just do it manually - it's really not that time-consuming.
E.g. replace the post meta with a plugin: https://wordpress.org/plugins/better-search-replace/

The only "concern" I have, is that the certificate is not issued to your domain, however, to CloudFlares server. How Google looks at that; hard to tell - I believe it's better than nothing. But Google surely knows, that the connection between your server and CloudFlare is not encrypted - so for actually getting a fully encrypted connection; this won't do it.

Screenshot of a website using CloudFlares certificate.

 

[Crystall]

Yes, you need to set up a 301 redirect (HTTP>HTTPS) - either through CloudFlare or e.g. .htaccess

Thank you @Robin for the all the info you've provided, it's very helpful. Am going to implement it and very likely do the redirects manually also. Thank you again!