I just set up free CloudFlare plan along with 000WebHost on the Flexible setting.
On my CF dashboard I see the existing certificate for MovingInTogether.net, however the connection is not secure because a certificate for *.000webhostapp.com is served instead. How can I fix this?
You are not using Cloudflare at all.
Change this nameservers
Name Server: NS1.AUSWEBHOSTS.COM
Name Server: NS2.AUSWEBHOSTS.COM
to those assigned to you by Cloudflare.
You have correctly added your NS
I can see that from WhatsMyDNS
However, your website still points at your origin serverâs IP.
Did you follow all the process to add your domainâs IPs to CloudFlare?
Did you check the little orange Cloud to activate CloudFlare service?
This tutorial covers what records can be set to 
and what should be left at 
Youâre right. My bad, i missed the âinâ in my whois 
follow @StefanoWP advice and you should be fine.
@StefanoWP please donât post IP addresses without the users consent. This one is most likely a shared one, neverthelessâŚ
With Flexible? I doubt it 
Pure resignation
I know, I know, I understand 
Usually I hit âskipâ when the Fl word is mentioned 
@markettrading2017, I am just leaving this here -> Why flexible SSL mode is not the best choice
I am really sorry @MarkMeyer , I edited the answer, hopefully this will disappear. If not I can delete my answer and reply back with the correct one!
No worries, itâs gone. Only you and mods can still see it in the edit history.
Thanks! 
@markettrading2017, not sure if there is much point, but lets address it anyhow as you seem to be switching back and forth without responding here any longer.
Your âhostâ is famous for not providing proper SSL setups. Apparently they have âimprovedâ their offer from no-certificate-at-all to common-certificate-for-all, which is slightly better than what they offered before but still wont make your site properly secure.
As mentioned earlier you seem to be switching back and forth between proxying and direct and consequently between a redirection loop and an invalid certificate. None of that will make your site actually secure.
My advice would be to switch to a proper host where you get a proper certificate for your domain and then switch to âFull strictâ on Cloudflare and enjoy a properly secure site.
Should you refuse to do so, then you should at least switch to âFullâ. That will still leave your site vulnerable to certain attacks but will be more secure than your original choice of Flexible, which should never be chosen in the first place and only provides the appearance of security.
