Bad Gateway 502 Error after purchasing Dedicated SSL

dedcerts

#1

Hey there,

I recently pointed my name servers to Cloudflare because I want to use the CDN service for my WordPress. There wasn’t any problem here. Now I would like to use a SSL Certificate and decided to go with the Dedicated Certificate which I purchased yesterday (I used the free one before) so as soon as I purchased it I got a Bad Gateway 502 Error when I open my domain. I can see the green https:// but my page won’t load. I contacted my hosting provider but it seems like there is nothing wrong on their end. I then paused my account with Cloudflare so that the service is inactive and my page was able to load that way. Obviously without the green https://. I contacted Cloudflare support multiple times but by now haven’t gotten any response. I am not familiar with all that so I don’t know what to do at all. I would appreciate any form of help big time.

My domain is: www.patricklemmer.com

Free Cloudflare Account

SSL Settings:

SSL Full (strict)
Always Use HTTPS -> ON

TIA


#2

Does your origin server also have SSL? What happens if you change SSL to regular Full, or just Flexible?


#3

Sorry If it sounds stupid but I am really not good at that stuff lol.

With Origin Server you mean my host’s servers? I haven’t installed anything or done anything there since I got the SSL. So I’m not sure.

When I change SSL:

regular Full: https://prnt.sc/hfgju5 and https://prnt.sc/hfglac 404 Page not Found

flexible: https://prnt.sc/hfgkbr Page is loading

off: https://prnt.sc/hfgkt3 and https://prnt.sc/hfgkw4


#4

Just checking what we have so far:

  1. You said you had “the free one” before. So some form of SSL was working.
  2. If you Pause Cloudflare, your site works with just http
  3. With Flexible SSL, you say your Page is loading. I take it that this setup works.

Did you change that SSL setting when you bought your certificate? It sounds like your origin server (yes, your host) doesn’t have SSL. In that case, you should be using Flexible SSL.


#5
  1. Yes, from Cloudflare as well. When I joined midweek I used the Universal (Shared) SSL that comes with a Free account.

  2. When I Pause it looks like this:


    so there it works with https

Is there actually something I have to do like connect something with my Hosting Provider? I just checked and I can either buy a Certificate there or Install one from a Third Party Provider (which is the case I guess). Is that a must?

And just a general thing: Shouldn’t the https:// be green and say “Secure”?


#6

You can add the Third Party SSL using a Cloudflare-only certificate on your sever. It’s not a must, but it’s a good to have.

At the moment, you have a working setup. I can reach the HTTPS version of your site via Cloudflare. I would suggest you enable “Always Use HTTPS” and “Auto HTTPS Rewrites” in your Cloudflare Crypto tab.

Your HTTPS is not green because your page is directly referencing some HTTP resources (mixed content). The above Crypto settings may help with this, but you should go through your site and make sure everything is set for HTTPS.


#7

You can also apply the HTTP header Content-Security-Policy and use the block-all-mixed-content directive: https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Content-Security-Policy/block-all-mixed-content or the upgrade-insecure-requests directive: https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Content-Security-Policy/upgrade-insecure-requests
This way you can get rid of the mixed content, but you will have to manually fix those resources not available via HTTPS. (Tip: Use Chrome or Firefox console panel to get information about what resources are being blocked).


#8

Changed settings.

How do I make sure everything is set for HTTPS? Is that doable for a someone with hardly any knowledge about stuff like this? Just want to make sure that I don’t destroy anything completely.


#9

In Wordpress, use Settings->General to make sure your Wordpress URL and Site URL are set to https


#10

changed both from http to https. now when i try to open domain.com/wp-admin or domain.com i get this.

https://prnt.sc/hfin7h :-:smirk:


#11

Ack! Sorry, that would only work after you install a local SSL cert and can use SSL Full. So back to http in your Wordpress settings. You’ll probably have to :grey: your domain to fix this. Again, my apologies for steering you wrong.


#12

now i am even more confused lol. not able to get back to wp login. changed domain to black cloud in dns. then tried to access the site.

used different browers cleared chache. not working. what can i do now to change wp settings again?


#13

DNS is still giving me a Cloudflare address. Two things to do right now:

  1. See if you can get to http://patricklemmer.com/wp-admin (http instead of https)

  2. Edit wp-config.php on your server and manually change the settings:

    define(‘WP_HOME’,‘http://patricklemmer.com’);
    define(‘WP_SITEURL’,‘http://patricklemmer.com’);


#14

Option 3 (and one you should eventually pursue), though at this point, I’m hoping to get you back to a workable site with the least effort, so this would be a last resort.

Install Cloudflare’s third party SSL certificate via cPanel.


#15

OK. opened wp-config.php but am not able to find

Blockquote

define(‘WP_HOME’,‘http://patricklemmer.com’);
define(‘WP_SITEURL’,‘http://patricklemmer.com’);

or must i add it to the file?


#16

Add them.


#17

done. am back in wp.


#18

This is the only mixed resource my browser found on your homepage:


#19

So there’s still a mixed content issue.

On Cloudflare’s Crypto page, do you have both “Always Use HTTPS” and “Automatic HTTPS Rewrites” turned on?


#20

yes, both on.