Configuring Cloudflare HTTPS with Auto-SSL issued to domain by cPanel

The ticket # is 1728712

Thank you, sorry for the delay. I see the ticket and your reply @dainik.saamana25, I will keep an eye on progress with the support team.

Any further update on this?

@sdayman @cloonan

Hi guys, I have received the following reply to my support ticket

And below is my response to the ticket.

Please help me out to get this resolved. I have already tried every suggested configuration but nothing seems to work. Please suggest any other methods.

Thanks

There’s just nothing we can do from this end for a 502 error. I know it’s frustrating, but Cloudflare is attempting to reach your server, but is getting rejected.

I would push Cloudflare Support one more time and have them investigate what happened with the Ray ID in your screenshot. They should be able to tell you with more confidence what happened. But it’s a 99% chance your host blocked the request.

Hosts rarely want to take the time to dig through logs to track down a specific error, so they just show you a “Hey, your site is working when we connect directly” and say it’s not their problem.

Again, I know this is really frustrating and I know the feeling. It’s no fun digging through server and firewall logs. It’s a needle in a haystack, but if you can tell your host the exact time of the error, hopefully they can see the error code and why the connection was blocked.

@sdayman Thanks for your prompt reply. I appreciate your patience and your efforts to try to resolve this issue.

I will definitely connect with the hosting company once again to check if anything is missing from their side.

In the meanwhile, can you review if I have done things correctly as per the current situation in the screenshot I shared in my last post. I just want to make sure that I am not missing out anything from my end in configuring WordPress or Cloudflare.

Thanks.

For now, configure cPanel to make sure your site is always redirected to HTTPS. And then fix the Mixed Content errors.

To fix the mixed content error I’ll again have to install the Really Simple SSL plugin on our WP, but as I understand it’s not recommended if we want to use Cloudflare, right?

It’s a band-aid for the right way to fix it, but it will work. It’s also one more thing that adds complexity, but let’s just get your current site working properly. Hopefully it will take care of redirecting to HTTPS as well as the Mixed Content.

Thanks, I’ll get it installed and fix the mixed content issue. Meanwhile hoping for some solution on the SSL issue. Cloudflare support engineer suggests that it’s an issue on the hosting server side. Further ticket replies as below:

From Cloudflare

Hi Shashank,

If you were experiencing issues with your SSL configuration or validation, I would expect a 525 or 526 error.

For 502 errors, we would simply proxy the error being received from the origin back to the client so this should be appearing in the logs on the origin. I have pinpointed the exact request shown in the screenshot by RayID and can confirm that this was the case in this instance.

When I ran a curl to check the transaction timing both directly to your site and through Cloudflare, I can see considerably slower than expected TTFB timings both directly to your site and through Cloudflare, although Cloudflare is slightly quicker (listed as time_starttransfer)

$ curl -w "@curl-format.txt" -o /dev/null -s "http://saamana.com/"

time_namelookup:  0.258505
time_connect:  0.438392
time_appconnect:  0.000000
time_pretransfer:  0.438530
time_redirect:  0.000000
time_starttransfer:  3.192358
                    ----------
time_total:  3.192461

$ curl -w "@curl-format.txt" -o /dev/null -s "http://saamana.com/" --connect-to ::104.27.188.157

time_namelookup:  0.000049
time_connect:  0.157898
time_appconnect:  0.000000
time_pretransfer:  0.157999
time_redirect:  0.000000
time_starttransfer:  2.130494
                    ----------
time_total:  2.130578

Additionally, I can see dropped packets in MTR from Cloudflare to the origin which could be exacerbating the issue and causing these 502’s to occur.

host            loss %  rcvd packets  sent packets  best  avg  worst
--------------  ------  ------------  ------------  ----  ---  -----
141.101.70.1    0       30            30            0     3    14   
195.66.226.204  0       30            30            0     2    20   
182.79.141.48   0       30            30            129   130  137  
125.19.200.162  0       30            30            129   129  129  
-               -       -             -             -     -    -    
103.*.*.45   20000   24            30            135   136  147  

You may wish to use the above or WebPageTest to generate some logs you can generate to share with your hosting provider to show that there is an issue here.

Let me know if you need any further help and I will try to assist.

My response as below

Thanks for the detailed explanation. Just so that I have a strong case when I talk to the hosting support, can you please explain to me why does this issue occur only on https:// setup and not on http:// ?

We’ve been using Cloudflare on http:// for the past couple of years and despite a slow site load time, everything seemed to work correctly. In fact, even now when I turn off SSL on the domain and then enable Cloudflare it works correctly. The issue arises only on https:// setup.

Any idea why would this be happening?

As to why you’re seeing this on https and not http, I suspect over http the unsafe script just loads, although the suggestion from Support to use “WebPageTest to generate some logs you can generate to share with your hosting provider” may help to verify that. Here are the mixed content errors @sdayman mentioned.

The plugins and auto https rewrites can only help so much. At some point, you’ll want to correct the http references in your code. To avoid calling those resources via http, you can use a relative reference as mentioned in the Tip in this thread from several days ago.

Mixed Content: The page at ‘https://www.saamana.com/’ was loaded over HTTPS, but requested an insecure stylesheet ‘http://www.saamana.com/wp-content/plugins/popup-with-fancybox/inc/jquery.fancybox.css?ver=4.6.1’. This request has been blocked; the content must be served over HTTPS.
(index):118 Mixed Content: The page at ‘https://www.saamana.com/’ was loaded over HTTPS, but requested an insecure stylesheet ‘http://www.saamana.com/wp-content/plugins/league-table/public/assets/css/general-min.css?ver=2.06’. This request has been blocked; the content must be served over HTTPS.
5Mixed Content: The page at ‘’ was loaded over HTTPS, but requested an insecure script ‘’. This request has been blocked; the content must be served over HTTPS.
14[Intervention] Slow network is detected. See for more details. Fallback font will be used while loading:
NtkWbvq6Qjp.js?_nc_x=Ij3Wp8lg5Kz:52 ErrorUtils caught an error: “Tried to listen to element of type click from Error: Cannot listen to an unde…”. Subsequent errors won’t be logged; see Internal Login.
b @ NtkWbvq6Qjp.js?_nc_x=Ij3Wp8lg5Kz:52
www.googletagmanager.com/gtm.js?id=GTM-WQSXJSV:1 Failed to load resource: the server responded with a status of 404 ()
ads:1 Failed to load resource: the server responded with a status of 403 ()
ads:1 Failed to load resource: the server responded with a status of 403 ()
ads:1 Failed to load resource: the server responded with a status of 403 ()
ads:1 Failed to load resource: the server responded with a status of 403 ()
(index):9 Uncaught TypeError: Cannot read property ‘style’ of null
at HTMLDocument. ((index):9)
(index):1 Mixed Content: The page at ‘https://www.saamana.com/’ was loaded over HTTPS, but requested an insecure favicon ‘http://www.saamana.com/wp-content/uploads/2019/03/saamana-logo-favicon.png’. This request has been blocked; the content must be served over HTTPS.
(index):1 Refused to execute script from ‘https://dpm.demdex.net/demconf.jpg?et:ibs’ because its MIME type (‘image/gif’) is not executable.
(index):1 Refused to execute script from ‘https://dpm.demdex.net/ibs:dpid=96678&dpuuid=P3pfzdEIfSzT’ because its MIME type (‘image/gif’) is not executable.
(index):1 Mixed Content: The page at ‘https://www.saamana.com/’ was loaded over HTTPS, but requested an insecure stylesheet ‘http://www.saamana.com/wp-content/plugins/popup-with-fancybox/inc/jquery.fancybox.css?ver=4.6.1’. This request has been blocked; the content must be served over HTTPS.
(index):1 Mixed Content: The page at ‘https://www.saamana.com/’ was loaded over HTTPS, but requested an insecure stylesheet ‘http://www.saamana.com/wp-content/plugins/league-table/public/assets/css/general-min.css?ver=2.06’. This request has been blocked; the content must be served over HTTPS.
ads:1 Failed to load resource: the server responded with a status of 403 ()
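
An added example, not part of the original thread: a small Python scanner that lists the `http://` subresource references behind Mixed Content errors like those in the console log above, and shows that relative and protocol-relative references are not flagged. The sample HTML is constructed (it reuses two URLs from the log; `ads.example.net` and the other paths are placeholders), and `scan` and `MixedContentScanner` are names chosen here.

```python
from html.parser import HTMLParser
from urllib.parse import urljoin, urlsplit

# Tags whose src makes the browser fetch a subresource. <a href> is
# navigation, not a subresource, so it is not listed.
SRC_TAGS = {"script": "script", "img": "image", "iframe": "frame",
            "audio": "media", "video": "media", "source": "media"}
# <link> only fetches for some rel values; rel=canonical is just metadata.
LINK_RELS = {"stylesheet": "stylesheet", "icon": "favicon"}

class MixedContentScanner(HTMLParser):
    def __init__(self, page_url):
        super().__init__()
        self.page_url = page_url
        self.page_host = urlsplit(page_url).hostname
        self.findings = []

    def handle_starttag(self, tag, attrs):
        attrs = dict(attrs)
        if tag == "link":
            rels = (attrs.get("rel") or "").lower().split()
            kind = next((LINK_RELS[r] for r in rels if r in LINK_RELS), None)
            ref = attrs.get("href")
        else:
            kind, ref = SRC_TAGS.get(tag), attrs.get("src")
        if not kind or not ref:
            return
        # Resolve against the page URL the way a browser would, so relative
        # and protocol-relative (//host/path) references inherit https.
        url = urljoin(self.page_url, ref.strip())
        parts = urlsplit(url)
        if parts.scheme == "http":
            self.findings.append({"kind": kind, "url": url,
                                  "first_party": parts.hostname == self.page_host})

def scan(page_url, html):
    scanner = MixedContentScanner(page_url)
    scanner.feed(html)
    scanner.close()
    return scanner.findings

PAGE_URL = "https://www.saamana.com/"
# Constructed sample markup; only the first two URLs come from the console log.
SAMPLE_HTML = """
<link rel="stylesheet" href="http://www.saamana.com/wp-content/plugins/popup-with-fancybox/inc/jquery.fancybox.css?ver=4.6.1">
<link rel="icon" href="http://www.saamana.com/wp-content/uploads/2019/03/saamana-logo-favicon.png">
<link rel="canonical" href="http://www.saamana.com/">
<script src="//www.saamana.com/wp-includes/js/jquery/jquery.js"></script>
<script src="http://ads.example.net/tag.js"></script>
<img src="/wp-content/uploads/logo.png"> <a href="http://www.saamana.com/about/">About</a>
"""
```

Findings with `first_party` set to `True` are the ones a database search-replace can fix; the rest have to be changed at the third-party tag or plugin that emits them.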

@cloonan thanks for your detailed reply. So as I get it you are suggesting that instead of using a redirection plugin like Really Simple SSL we should replace all the references in the site code to https://, right? This is going to be a massive exercise for us as the site is vast and has 10yrs of data stored across multiple databases, but still let’s assume we somehow manage to pull it off, so after that we stick to the AutoSSL certificate in cPanel and Full (Strict) SSL mode in Cloudflare and that should work?

Most, if not all, of the code is in the database. If your server has WP-CLI installed, you can do a search-replace.

Or use a plugin like this one. Just be very sure you’ve backed everything up first.

Hi,

To test this out I have setup a temporary database (only last 3 months data) with https:// in the code base (without any redirection plugin) and have enabled Cloudflare with Full (Strict) mode.

Now even when I have installed AutoSSL certificate in cPanel, when I enable Cloudflare the SSL certificate showing is the one issued by Cloudflare. See the screenshot below. And also the 502 error still continues to exist :frowning:

If nothing works then I think I’ll have to pause Cloudflare to get the site working again.

UPDATE:

I have noticed 2 new behaviors now:

  1. If I set SSL mode to Flexible in Cloudflare then the site appears to load but its layout is broken as below;

  2. As suggested by support, I ran a test on webpagetest and it shows that a CDN is correctly in use

Test result: WebPageTest Test - Running web page performance and optimization tests...

And now that the site is down, I had no option left other than pausing Cloudflare once again to get the site up.

Had a word with the hosting company regarding this and they are firm on their stand that the site is loading correctly on http:// as well as https://

The problem arises only when I enable Cloudflare and so they are asking me to contact Cloudflare support while Cloudflare support is asking me to contact the hosting company.

Stuck in a bad loop situation with no solution in sight.

@sdayman @cloonan @sandro any further guidelines?

Thanks.

@sandro and I have absolutely no internal visibility into what’s actually going on, so we can’t help. Someone is going to have to watch the connections and see where it’s breaking down. I’m sorry I can’t offer any better advice.

Alright I get it.
Thanks for the support and hand-holding up till now. Really appreciate your support.
I hope to find a solution soon. In case you come across anything that might help in any way to better the current situation, please do share. Till then, I think I’ll have to start looking for other CDN providers.

Thank you.

Hi,

Apologies for bugging again. Below is something I found in HostGator’s old Help Center articles. Read the point no. 3. Does that indicate anything or suggest that this issue is due to the fact that I am using the basic plan and that I have to go for a higher plan?

Found the link here: Compatibility with HostGator - #9 by xperiap

The link is no longer working so dug up a cached version here: What is CloudFlare? How do I enable? « HostGator.in Support Portal

That changed five years ago:

I think the path outlined by Support is the best option, there is an intermittent issue with 502s from your origin and your host needs to assist in tracking that down.
