I have some hosting set up through surge.sh and signed up for the CloudFlare free plan to get access to SSL encryption for my site.
I’ve added the CloudFlare nameservers to my domain registrar account, and imported my DNS settings into CloudFlare, but I’m still getting a
Not Secure message when viewing my site.
The CNAME record shows as proxied through CloudFlare with the orange cloud, and I have these CloudFlare settings enabled:
Flexible mode turned on
Always Use HTTPS turned on
Automatic HTTPS Rewrites
Is there anything anyone can suggest that I’m missing from my configuration?
Thanks for your help!
Your browser is not wrong. Flexible SSL is not secure.
The connection between your visitor and Cloudflare is secured, but the connection between Cloudflare and your server is not. You will not need a certificate on your server for this mode. This option is NOT RECOMMENDED.
Flexible makes your site only partially secure - it encrypts the connection between the visitor and Cloudflare - this means they see the
in their browser and the site leaves the impression to be secure! However the connection between Cloudflare and your origin se…
Thanks for your reply.
I had been wondering about that.
Surge.sh has a free hosting option but if you use your own custom domain an SSL is not provided for you and can’t be uploaded, so switching to
Full Mode wouldn’t help since you can’t actually get a SSL cert onto the server.
Just wanted to type up my current understanding now. Does that sound about right?
That sounds correct. Without SSL on your server, you can not switch to a secure Full (Strict) connection.
This topic was automatically closed after 30 days. New replies are no longer allowed.