Community Tip - Security FAQ Read Me First

Please Read Before Posting

Please review this post and the ones linked and use the :search: in the top right to search for your issue. This Community Tip has questions and answers for the most frequently asked questions about DNS & Networking, the :search: will reveal additional advice & insight.

Background
This Security FAQ covers Cloudflare Spectrum, Cloudflare Access, Free Universal SSL, edge certificates, self signed certificates, and origin certificates, TLS, HSTS, and anything else on the SSL/TLS app.

FAQ & A

Connection Not Secure Questions

`Connection not secure`. Why?

Why isn’t there a green padlock?

My certificate shows as issued, but my site is not secure. Why?

I activated Cloudflare, now my site is messed up. Why?

  1. Clear your browser cache, try from an incognito window, try a different browser, and/or try from mobile.
  2. You have a certificate, but your site is not secure due to mixed content. You have content on the site which is being served over http which results in a mixed content warning. Enable the ‘Always use HTTPS’ and ‘Automatic HTTPS rewrites’ options in the SSL/TLS app of your Cloudflare dashboard and see it that fixes the issue.
  3. Always use HTTPS and Automatic HTTPS Rewrites did not 100% help. On the SSL/TLS app, you have an option for Automatic https rewrites, if you’re making a call using http, that will switch it to https…for everything but css and javascript calls.
  4. Your site is “messed up” due to mixed content blocking your css and javascript files.

Connection Not Secure Research Resources

ExpertTips- Search posts from experts and those in the know,
CommunityTips - The definitive resource for troubleshooting help.
Site Search - Know before your post, include #CommunityTip in your search.
Help Center - Insight into all things Cloudflare
Learning Center - What is SSL.

SSL Setting Questions

Should I set SSL to Flexible, Full, or Full (Strict)?

  1. Full (Strict) is the most secure setting.
  2. Full will work with expired or free self-signed origin certificates.
  3. Flexible will give you a green padlock, but traffic between Cloudflare and your origin is not secure.

SSL Setting Research

ExpertTips- Search posts from experts and those in the know,
CommunityTips - The definitive resource for troubleshooting help.
Site Search - Prepare before you post, include #CommunityTip in your search.
Help Center - Detailed SSL FAQ
Community Tutorials - Why flexible SSL mode is not the best choice.

Certificate Questions

Why is my certificate not yet issued?

  1. The site just became active on Cloudflare, it can take up to 24 hours for the Cloudflare certificate to be active. You can :grey: cloud the record while waiting.
  2. You deleted and re-added the domain to Cloudflare. When you delete your domain this will cancel and delete the existing SSL certificate as well. This means that when you re-add your domain we’ll need to order a new certificate for you, which will take up to 24 hours. You can continue to track the status of the SSL certificate through the SSL/TLS app.
  3. Your certificate is issued, there are issues like mixed content on your site preventing it from loading securely.

Certificate Research Resources

ExpertTips- Search posts from experts and those in the know,
CommunityTips - Best Practices for Certificate Provisioning.
Site Search - Prepare before you post, include #CommunityTip in your search.
Help Center - Insight into all things Cloudflare
Learning Center - Background on the basics.
Tutorial - How To From the Community

Certificate Details Questions

Why is this site on my certificate?

  1. Using shared certificates has that possible effect. For 5$/month you can buy dedicated certificate that is only for you.
  2. Note that this does not affect google safe browsing or search rankings, as they don’t rank or use the certificate SAN’s. If you want to keep your LE certificate, you can disable the CF proxy by setting DNS to :grey:, or you can buy the $5/month dedicated SSL.

Certificate Details Research Resources

Site Search - Prepare before you post, include #CommunityTip in your search.
Help Center - Insight into all things Cloudflare
Learning Center - Background on the basics.
Tutorial - How To From the Community

Firewall Questions

What firewall rule was triggered?

What firewall rules should I use?

My site is under attack, what should I do?

  1. Rules triggered are in the firewall events log.
  2. Use the API to find out.
  3. Recommended steps after setting IAUAM.
  4. Understanding the order of managed rules v firewall rules.

Firewall Rules Research Resources

ExpertTips- Search posts from experts and those in the know,
CommunityTips - The definitive resource for troubleshooting help.
Site Search - Prepare before you post, include #CommunityTip in your search.
Help Center - Insight into all things Cloudflare
Learning Center - Background on the basics.
Tutorial - Viewing Rules - How To From the Community

Light Reading
What is SSL?
Web Application Security

Research The Issue
YouTube
Community
Google

If You Need More Help
This community of other Cloudflare users may be able to assist you, when you post, make sure to indicate what research and remediation steps you have taken in order to help the Community help you.

To reach support, login to Cloudflare and then contact Cloudflare Support. When you contact support, make sure to include as much of this information as possible: the specific error message you are seeing, the URLs this is happening on, screen shot of the error, Ray ID, steps to reproduce the error, and HAR file(s). Please indicate what you’ve tried in order to help Customer Support help you.

Expert Comments Appreciated
This Community Tip will remain open for input from Community experts and those familiar with this issue. We really appreciate comments like: “What are the three things to always try”, or “Do this first” or “In my experience”.

This is a Cloudflare Community Tip, to review other tips, click here.

Çevirmek…traduzir…翻译…traducir…Traduire…Übersetzen…:greyg: Translate this Tip

AQSECT 101519

2 Likes