@markettrading2017, not sure if there is much point, but lets address it anyhow as you seem to be switching back and forth without responding here any longer.
Your âhostâ is famous for not providing proper SSL setups. Apparently they have âimprovedâ their offer from no-certificate-at-all to common-certificate-for-all, which is slightly better than what they offered before but still wont make your site properly secure.
As mentioned earlier you seem to be switching back and forth between proxying and direct and consequently between a redirection loop and an invalid certificate. None of that will make your site actually secure.
My advice would be to switch to a proper host where you get a proper certificate for your domain and then switch to âFull strictâ on Cloudflare and enjoy a properly secure site.
Should you refuse to do so, then you should at least switch to âFullâ. That will still leave your site vulnerable to certain attacks but will be more secure than your original choice of Flexible, which should never be chosen in the first place and only provides the appearance of security.