Yes, you can use Cloudflare with Let's Encrypt to obtain SSL/TLS certificates for your sites hosted on Laravel Forge. Here's how to set it up:
1. In Forge, go to the site you want to set up the SSL certificate for and select the "SSL Certificates" tab.
2. Click on the "Let's Encrypt (Beta)" button to begin the process.
3. For wildcard subdomains, list both the wildcard subdomain and root domain (e.g. `*.domain.com, domain.com`). For these certificates, Let's Encrypt requires API credentials for a DNS provider that supports the `dns-01` challenge type.
4. Forge currently supports Let's Encrypt wildcard DNS integration with Cloudflare. Your Cloudflare API token must have the `Zone.Zone.Read` and `Zone.DNS.Edit` permissions, and the token must have permissions on all zones attached to your Cloudflare account.
5. Cloudflare provides free SSL certificates to all connected domains and their first-level subdomains. However, if you have multiple nested subdomains (e.g. `staging.api.example.com`), the universal Cloudflare certificate may not cover those domains.
6. If your application requires multiple nested subdomains, it's recommended to disable Cloudflare proxying and use a traditional SSL certificate for your Forge site instead.
7. Forge automatically renews your Let's Encrypt certificates when they are 21 days or less from expiration, at a random day and time to avoid overwhelming the Let's Encrypt servers.
By integrating Cloudflare's DNS service with Let's Encrypt in Forge, you can easily obtain free SSL/TLS certificates that cover your domain and subdomains. However, for more complex setups with multiple nested subdomains, using a traditional SSL certificate may be more appropriate.
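The coverage limit behind steps 3, 5 and 6, as an added example (not Forge's or Cloudflare's code): a TLS wildcard stands for exactly one left-most DNS label, so a name list like `*.example.com, example.com` leaves `staging.api.example.com` uncovered. The function names are hypothetical and the hostnames are constructed samples.

```python
# Added example: which hostnames does a certificate's name list cover?
# Wildcard matching follows the usual TLS rule: "*" stands for exactly one
# left-most DNS label, so it never spans a dot.

def name_covers(cert_name: str, hostname: str) -> bool:
    """Return True if one certificate name (exact or wildcard) covers hostname."""
    cert_labels = cert_name.lower().rstrip(".").split(".")
    host_labels = hostname.lower().rstrip(".").split(".")
    if cert_labels[0] != "*":
        return cert_labels == host_labels
    # Wildcard: same label count, non-empty first label, identical remainder.
    return (
        len(host_labels) == len(cert_labels)
        and host_labels[0] != ""
        and host_labels[1:] == cert_labels[1:]
    )

def uncovered(cert_names, hostnames):
    """Return the hostnames that no name on the certificate covers."""
    return [h for h in hostnames if not any(name_covers(n, h) for n in cert_names)]

def parse_names(field: str):
    """Split a comma-separated domain field such as '*.domain.com, domain.com'."""
    return [n.strip() for n in field.split(",") if n.strip()]

if __name__ == "__main__":
    # Constructed sample input (hypothetical site hostnames).
    cert = parse_names("*.example.com, example.com")
    hosts = ["example.com", "api.example.com", "staging.api.example.com"]
    missing = uncovered(cert, hosts)
    for h in hosts:
        print(f"{h:28} {'NOT covered' if h in missing else 'covered'}")
    # Adding a wildcard one level down covers the nested name as well.
    print(uncovered(cert + ["*.api.example.com"], hosts))
```

Running it against the hostnames a site actually serves shows, before requesting the certificate, which names need their own entry in the domain list.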