Can Access HTTP but Can't Access HTTPS

Had Cloudflare setup for a few hours now and for the first few hours everything was working fine, and my site displayed the padlock. Both http:// and https:// were secured.

Using Chrome, after a few hours I reloaded my site https://www.probablyraging.com/ and now it’s telling me ‘This site can’t provide a secure connection’ and ‘ERR_SSL_PROTOCOL_ERROR’. But if I used http:// it loads but is unsecured.

When I used my phone both version of the site load fine.

whynopadlock.com says I have SSL and Mixed Content issues 9c650a75-7c43-45dc-827c-8c4537bc2f44

I have cleared cache, cookies, browser data etc… and still no good.

For starters, remove the two x10hosting nameservers your domain is pointing to.

I can’t because the domain is parked at x10hosting, if I remove them I wont be able to access them anymore right? Plus SSL was working fine with them there up until an hour ago.

Your DNS records obviously need to contain the right values, but if they do you can certainly still access it, unless they require these nameservers, in which case you have to move away from Cloudflare.

Point is, as long as you do not remove these nameservers you cant have your domain on Cloudflare.

I’ll remove them and see if it helps, but can you explain why Cloudflare was successfully securing my site earlier even with the x10 nameservers and then just randomly stopped? If it helps my domain is from godaddy I just parked it at x10 to access my hosted website, when parking it I was told to use the x10 nameservers. Thanks

Considering you have an invalid DNS setup right now, it is impossible to say where you resolved to and what server you actually hit. You first need to get this in order.

Ok, have removed the x10 nameservers now. Considering it may take a while for it to update in the mean time can you explain why now when I use whynopadlock.com if I lookup https://www.probablyraging.com all if good but only half an hour ago it wasn’t?

Because you now have a proper setup. But the answer is the same as the one I gave in my previous response.

A completely different issue though, your server is not configured for HTTPS. It does not even present an invalid certificate but simply serves plain HTTP on port 443. If you want a secure site you definitely need to address that and contact your host to get that fixed.

It was showing as good before I removed the nameservers though, but half an hour before it wasn’t showing good.

What does not configured for HTTPS mean? Again, up until just before I made this thread I could use https:// perfectly fine?

It showed up the way it did because you had an invalid setup.

As for your HTTPS issue, you need to fix that as your server is not configured for HTTPS at all. It serves your site on HTTP no matter what.

Ok so cloudflare wont work until that’s fixed either? May I was how you can tell it’s not configured got HTTPS?

I see, and the only way to rectify that is to contact my hosting provider? Nothing I can do from my end?

The weird part is they even boast about offering Cloudflare via their cPanel, why would they have their servers configured in such an unsecure way?

Correct, that is something that your hosting provider needs to fix on their server. They configured a secure HTTPS port for an insecure HTTP communication. They will need to switch that entire configuration to HTTPS and configure a proper certificate for you.

To be honest, I would not be surprised if they did not honour your request and the best option might be to switch to a proper provider.

Yeah that’s starting to seem like an good option now. It is only a free service anyway so maybe that has something to do with it.

If I were to stay with them and deleting the x10 nameservers works at getting the padlock back, would it be that big of an issue? I’m only really using the site to host some files offsite but easily accessible to others. The issue is before I had SSL certs people were complaining that they were getting SSL errors when trying to link to my site.

I don’t mind if it’s not 100% secure, as long as people can reach the site without any errors.

True, many free hosts dont offer SSL or only as paid option, though that really shouldnt be the case these days.

Define big issue :). Your site basically wouldnt be secure but would pretend to be secure as the first leg to Cloudflare would be encrypted.

If you dont care about HTTPS I’d recommend to switch SSL on Cloudflare to “Off”, in which case there wouldnt be any HTTPS. That would be clear to your users and you wouldnt have to bother with HTTPS.

I’d obviously prefer it to be properly secure and for HTTPS to work, more I don’t want to have to transfer all my data to a new host :sweat_smile: I guess I’ll see how I go after my registrar updates and see if I have any problems connecting to the site and go from there.

Thank you for all your help! Appreciate it!

Background: I purchased probablyraging.com from GoDaddy and parked it at x10hosting so I could access probablyraging.x10host.com with my own domain. In the cPanel of x10 I setup Cloudflare.

When I test https://www.probablyraging.com at https://www.whynopadlock.com/results/bedccc82-0c94-4b6b-ae98-616e8feec31d everything says it’s working fine.

When I use Chrome try to access HTTPS://www.probablyraging.com I get ERR_SSL_PROTOCOL_ERROR
When I used my phone to access HTTPS://www.probablyraging.com I get Cloudflare Error 1016

Always Use HTTPS and Auto HTTPS Rewrites are active.

NOTE:- WHOIS will currently show my nameservers are x10’s, I’m just testing something, I was using Cloudflare’s at the time.

This topic was automatically closed after 31 days. New replies are no longer allowed.