Cloudflare Community

Deprecated - Why flexible SSL mode is not the best choice

domjh February 20, 2019, 1:02pm 1

This tutorial is deprecated in favour of Flexible - SSL/TLS encryption modes · Cloudflare SSL/TLS docs

Related Content:

Archive

Flexible

The connection between your visitor and Cloudflare is secured, but the connection between Cloudflare and your server is not. You will not need a certificate on your server for this mode. This option is NOT RECOMMENDED.

Flexible makes your site only partially secure - it encrypts the connection between the visitor and Cloudflare - this means they see the in their browser and the site leaves the impression that it’s secure! However, the connection between Cloudflare and your origin server is unencrypted and traffic can be intercepted there.

Even if you wish to pursue an insecure connection, Flexible SSL causes other problems for sites configured for HTTP at the host such as Mixed Content errors, Redirect Loops, or even completely breaking your website.

What to do about it:

You should install an SSL certificate on your server and set the SSL mode to “Full (strict)”. This fully encrypts the traffic between both the user and Cloudflare and between Cloudflare and your server.

You can use a free Let’s Encrypt certificate, generate a free Cloudflare origin certificate (SSL/TLS app), or use a paid certificate.

This is needed to make your site fully secure and is essential if you process any user submitted (e.g. logins) or personalized data through your site.

Related Content:
Why you should choose Full Strict, and only Full Strict
https://support.cloudflare.com/hc/en-us/articles/200170416-End-to-end-HTTPS-with-Cloudflare-Part-3-SSL-options

Tutorial Reference: CT-32

Reviewed: 08/22

This is a Community Tutorial. Most are wiki posts, so can be contributed to by Regulars and MVPs here. If there is a tutorial you would like to see, you can request one here.

If you would like to provide any feedback on this tutorial, please post in the #Meta category, tag your post #TutorialFeedback and let us know the Tutorial Reference above.

Other great resources on this community include the Community Tips. These address best practices when configuring Cloudflare, how to fix issues you may see, and tools to troubleshoot. You can also view Expert Tips, great posts on the community from people in the know that may help you with your issue.

We encourage users to check out these great resources and the Cloudflare Support Centre before posting.

20 Likes

Full SSL x Flexible with HSTS enabled

SSL - Not secure

My website is unreachable

About DNS Records

SSL Expiration

Community Tutorials

Problem with Fruition - Notion Website

My .app domains won't display CSS, forces basic HTML. What's happening?

Site Cannot Complete SSL Connection

Transferring website from hosting service to home webserver

Need help regarding ssl for subdomain

Godaddy website goes down constantly with Cloudflare SSL

SSL from FLEXIBLE to FULL will point to wrong website?

Https is crossed

Can not access wordpress dashboard

Unavailable domains after changing DNS

Changing Server & new IPs

504 Timeout Error

Site isn't working after pointing nameservers to Cloudflare trying to add SSL

#URGENT: Unauthorized Redirect (To The Same Website // 3 Separate Accounts) Help

Cloudflare cdn on alternate file domain breaks the styling of the page on phabricator

SSL flexible active but not secure https

SSL configuration problem

522 error - trying to host on android phone termux nginx mobile connection with ipv6

Error 552 while trying to access HTTPS website

Always Use SSL Missing

The certificate uploaded is NOT for the domain name ipllivescore.live ( CloudFlare Origin Certificate was seen )

Switched to Cloudflare, now root domain name and subdomain do not work

Website looking like raw HTML

Pro Licence subscription details

Please ensure you are providing the root domain and not any subdomains (e.g., example.com, not subdomain.example.com)

Redirection loop : wrong SSL config?

Problem with mixed-content after updating links to https

Changed Nameservers and now our website is down

SSL keeps disconneting

Why doesn't java detect https on my cloudflare url?

Error 521 GoDaddy and Cloudflare

I have added a website in the Pro account and changed Name-servers but no SSL

Detecting non-strict SSL setups

Help Please: Connection to site not secure message

Does Flexible SSL cover sub-domains

Can SSL/TLS encryption mode is Full (strict) lead to performance issues?

Flexible mixing HTTP and HTTPS web servers

Moved Nameserver to Cloudflare - Images not loading

Problem connecting 000webhost Freenom Cloudflare

Point CNAME to Static website on S3 is not working

Subdomain "Page Not Found"

Subdomain "Page Not Found"

Your connection is not private on My Website

Cant access my website after installing free SSL from your website

SSL vs Page Rule SSL

Using Let’s Encrypt SSL, got message from hosting cant extend SSL

Website SSL Not Working

Cloudflare not forwarding all http requests to https

Website doesn't open with WWW

Site not showing secure yet

I'm confused about nginx setup file-to edit or not to edit

Best method/configuration for a HTTPS website?

Though Universal SSL is active it is not showing the HTTPS

"Invalid SSl Certificate"

Https from Cloudflare, http from S3?

I cannot access my wordpress admin after activating cloudflare

SSL Not Work on my website

ERR_TOO_MANY_REDIRECTS & Subdomain SSL Error

Configuration for SSL between a domain with it's own origin cert and another without

It is showing error 525 ssl handshaked failed

Why doesn't Flexible SSL mode check origin for certificate first?

SSL not working on my subdomain

Intermittent SSL_PROTOCOL_ERROR only in specific cases?

Curl Error 35 site health wordpress

525 error - called Godaddy and was told the issue is with Cloudflare

SSL Error Pitchmagic to Google Domains to Cloudflare

Please help! My site velocube.ru dont worked

Why my site is not live with cloudflare?

SSL Active but still "Not Secure"

HTTPS not working on Subdomain

Community Video Tutorials

Error 521 only when passing through São Paulo

404 error after changing DNS

SSL is active but site is insecure

Flexible SLL Not Working Suddenly

Error "redirected you too many times" right after the domain was moved to CloudFlare

Subdomain works, but I have no access to Wordpress Admin

My website is not secure yet?

Missing certificate

Is Https: automatically switched On?

Clouflare serves the incorrect certificate

A record changed, but not propagating

Getting SSL Errors after a while when setting up cloudflare with 000webhos

I can't change from full to flexible SSL

Connection to this is not secure?

Error 520 a day after adding SSL Certificate

Urgent! Please Help

301 Redirect - ERR_TOO_MANY_REDIRECTS

SSL and pics on www

Website is not working powercraftmcs.nl

Is cloudflare free SSL have security Issue?

Is cloudflare free SSL have security Issue?

Can't get 301 redirect to wok

Can't open my website without VPN

Let's Encrypt SSL cannot renew with Cloudflare

DNS record seem to not being propagated properly

New WordPress Plugin Update Crashed Site

Www link shows insecure

Serving large downloads via ssl / https

Getting 521 error sometimes and then resolves itself after few mins

Can't edit or create Wordpress post while proxied by Cloudflare

CNAME SSL Problems

Mixed SSL mode: Full AND Flexible (for different subdomains)

Site Down, DNS Not propogating. Help!

Error too many redirect

Redirect Loops and Redirect Chains

521 intermittent errors on GoDaddy Wordpress

SSL ISSUE Activation

Flexible SSL working for 4 out of 5 domains

Strange double IP situation

Site Down After Adding SSL

Issue with my vps and dns settings

Error 522 for every record in only 1 domain

522 on insecure setup

Heroku Bad Request Server 400 Error

My webiste not working on mobile data

Admin session on Jommla 4

SSL(flexible) blocking certain content

Setting up a SSL/TLS encryption mode for each subdomain

Proxied Cloudflare to Plesk

Search Contest 2021 infection?

Whenever i start 'Always Use HTTPS' on cloudflare my website down

CloudFlare proxied websites don't work on Virgin Media but do on EE and some U.S providers

Can't connect to the server

Site not secure SSL flexible

Fails to log in to WordPress

"Your site could not complete a Loopback Request" Error

After Change http to https website dashboard not opening

All the image post links on my wordpress site are broken once my flexible SSL certificate has been confirmed

NET::ERR_CERT_COMMON_NAME_INVALID - site still not secure

Changing DNS records for flexible ssl

Can we have more than 1 wildcard SSL?

Zonelockdown, AWS SGs, flexible SSL - remote_addr question

No SSL for my Site

Certificate still showing self signed

Ssl not working on my domain?

Error 525 - FULL but not FLEXIBLE

Got HTPPS for a couple of weeks then it changes to HTTP

Cloudflare SSL Settings only for Subdomain

Error::err_cert_common_name_invalid

How to log in cPanel? You are my hosting provider as per https://digital.com/web-hosting/who-is

Https version of domain not working

No puedo entrar a editar mi pagina

Unable to login with Wordpress

Flexible SSL for specific sub-domain

Multiple subdomains, how to choose which gets SSL

Error 403 on just set up site

Ssl is not working with

Cloud Flare SSL not working for my wordpress site

Http:// - ok but https:// - 521 error

Error 522 - packets

Sqaurespace SSL cert issue

My subdomain is giving 404 error

My wordpress website dont run using Cloudfare SSL

Issue with Fruition – Notion Website

Godaddy Domain Namechap Hosting Cloudflare SSL

Bug (?) with "Always Use HTTPS" and urls not ending in "/"

Http:// redirects to https:// then https:www

SSL https issue

Server Behind NAT Can't be Access whith Cloudflare Proxy Protected?

My PWA shows Not Secure when added to home screen

Cannot Access Wp-Admin After Cloudflare Active

Error 522 with GoDaddy

My website not working

How to add multiple subdomain

403 on gRPC connection?

Can't access website after enable SSL certificate flexible

ERR_SSL_PROTOCOL_ERROR showing

Your connection isn't private

Too Many Redirects Errors with a Specific Data Center

Website is down after installing CloudFlare SSL

Domain Control Verification (DCV) failed for the certificate with ID *** belonging to zone ID ***. The DCV method is currently set to http @MoreHelp

Not fully secure

Sporadic self-redirects

Flexible SSL Option - access proxied as HTTPS?

Http2 and flexible SSL configuration

SSL changes not working for Websites

SSL is Active but website is not secure, please help!

Account active but ssl not working

SSL give error and stop working

Follow-up question for Sandro and Donmj - Secure Server while on HubSpot Email marketing

When does the SSL change to the strict mode or flexible mode?

I need http and https both working

Working IP from AWS EC2 not working through cloudflare (basic setup)

Java script not working

SSL showing not secure https://www.eliothealthcare.com/

404 error when Diag

Site Not Loading After Changing Nameservers

Error 522 even I configure iptables and firewall

Load more poste button it doesn't load

Status: Failed - HTTPS SSL Certificate failed to be processed

Some pages are showing that it is "Not Secured"

How to fix "too many HTTP redirects" and "Load cannot follow more than 20 redirections" errors

Ports for ssl/tls flexible mode

SSL handshake 525 error

My Wordpress Site throws 520 error

Page redirect from root to www not working

No activation of Flexible SSL Certificate

Ssl activation has error

SSL www vs promax .me

How can I resolve a 525 error for my glide app on a subdomain of my website?

SSL error SSL_ERROR_NO_CYPHER_OVERLAP

My A record may be using the wrong IP address

Domain keeps redirecting to a random site

Cloudflare Active & WP Plugin but No PadLock

Meu site é classificado como inseguro para alguns usuários

Force http1.1 from Tunnel agent to origin?

Configuring Cloudflare with surge.sh hosting

SSl Redirect Issues: ERR_TOO_MANY_REDIRECTS

WordPress login issues

Verify A Partner

WP Multisite subdomain dashboard and site not accessible

MX Settings Not Showing Up in Cloudflare

Cloudflare blocking Joomla 4 Administration - 520 Error (Nginx Config Problem?)

Cloudflare and Elementor errors

520 error if I log in

Unable to visit domain with prefix

I get cgi-sys/defaultwebpage.cgi added to the URL, site isn't working

Site is down: Too many redirects error

Help with Full versus Flexible SSL &

The connection for this site is not secure - I tried all solutions in Cloudflare community

CSS Error in Elementor after SSL HandShake 525 Error

Error 521 in Full SSL

Cloudflare blocking my rest api request

WebSocket ws-wss conversion on Flexible SSL?

Invalid SSL certificate *

A 522 error with Cloudflare Pages for subdomain site

Wordpress.com - Cloudfare - To many recdirects

I added a subdomain and added a dns record, but it's not working

Images with ssl url in outlook for windows does not work

SSL doesnt work

Https Request / SSL Not Working

Redirect page loop for wordpress installation

Site offline after moving domain to new CloudFlare account

Site offline after moving domain to new CloudFlare account

How to block all connections other than Cloudflare on port 80 through tunnel?

It works without SSL, but gives a 404 error when SSL is activated

New Origin Certificate has validation errors

Which ports can I use with tunnels?

Doesn't work for me: Flexible Encrypts traffic between the browser and Cloudflare

Blocking HTTP on Cloudflare Proxied Domain

DNS pointing to old IP host

Access Nextcloud locally

Page rules no longer working

Edge SSL Certificates stuck on pending validation

Redirecting http to https

SSL _acme-challenge records present in DNS but still Pending Validation (TXT)

DNS only entry redirects to HTTPS

Error After Migrating From GoDaddy SSL Cert To Cloudflare Flexible SSL

Free SSl site is not working it's not secure yet!

Problem with SSL setup

My website says its active , but Not Showing on Internet

"www.mathforschool.xyz redirected you too many times"

Resolution to a domain in another DNS provider

Website not loading while using www before the domain

ERR_TOO_MANY_REDIRECTS | This page isn’t working

How can i use http iframe content on https site?

To get started with proxied records

The pictures can not showed

Cloudflare Proxy Caching Issue

Wordpress and DNS problem

Help me please too

The ssl certificate of the Flexible type does not work on the site

My website says connection not secure

I add cloudfare as for dns server and now page doesnt show up

Problems with the flexible SSL mode

Deprecated - Step 2: Setting up SSL with Cloudflare

SSL Flexible

Receiving error: NET::ERR_CERT_COMMON_NAME_INVALID

This connection is not private error

X.509 Certificate Signed by Unknown Authority

502 Bad gateway while logging to the WP admin panel

SSL/CA issue

SSL problem on subdomain

Website Displaying Plesk Default Page After Cloudflare and Flexible SSL Certificate Setup

Flexible ssl block port 80

My CloudFlare domain currently uses port 443 into my network and I want to use port 80

My Site Down After Change Host IP

With DNSSEC Active, DNSChecker.org is showing a strange DNS record

SSL Full Option gives me Web server is down Error code 521

Will upload html files but won't upload image files

Mailed stopped working

I setup into cludflare and my contact form stop working

My ssl is not working. It's set to flexible but not working

Getting error as this page isnt working

My website not working now why?!?!?

When will cloudflare charges

Error 526 SSL Invalid changing the encryption mode from Flexible to Full (Strict)

Custom Domain Cloudflare

SSL certificate not coming through for CNAME custom third party app domain

Your site could not complete a Loopback Request

SSL Encryption Mode: Error 522 on subdomains or ERR_TOO_MANY_REDIRECTS on main domain

Flexible for SEO?

#URGENT: Unauthorized Redirect (To The Same Website // 3 Separate Accounts) Help

Google Recaptcha showing up on all our pages

Google Recaptcha showing up on all our pages

SSL/TLS Flexible and Full setting not working

Can't acess my website from my network

Flexible SSL Not working. Port issue?

SSL Certificate Active (Flexible) Not Working

SSL flexible active but not secure https

Topic		Replies	Views	Activity
SSL changes not working for Websites General	3	2390	November 18, 2021
When does the SSL change to the strict mode or flexible mode? Security	2	1319	December 24, 2022
Deprecated - SSL/TLS app Settings Tutorial Tutorials	0	20411	January 2, 2019
SSL/TLS encryption mode for new site Getting Started	2	2237	November 6, 2021
Doesn't work for me: Flexible Encrypts traffic between the browser and Cloudflare Security	5	1879	July 8, 2022