Flexible SSL not working even after installing plugins

I have set up the SSL on flexible and I have both the Cloudflare plugin and the SSL Cloudflare plugin, but my site is showing that the SSL is not working. I have https forced on the site but it shows it is not secure. I have no idea what to do.

What’s the domain?

Works for me. It may have taken time for your browser/DNS cache to be cleared.

It was caused by a plugin. I deactivated the plugin and it started working. If I activate it, it goes off again. Unfortunately it is a needed plugin for my theme.

Which plugin?

Fusion Builder for the theme Avada

If it’s Flexible SSL, you’re better off adding this line to .htaccess:
Header always set Content-Security-Policy: upgrade-insecure-requests

Give that a try, then activate that plugin again. If it’s still giving you problems, post back and we’ll take a look. It’s quite often a Mixed Content issue.

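As an added example (not part of the original thread): a small Python check for the mixed-content problem discussed above. It lists `http://` subresource references in a page and reports whether the response carries the `upgrade-insecure-requests` directive from the .htaccess suggestion. The sample HTML, headers and function names are constructed for illustration, and every `<link href>` is treated as a fetch.

```python
from html.parser import HTMLParser

# Attributes that make the browser fetch a subresource (or submit a form).
FETCH_ATTRS = {
    "img": "src", "script": "src", "iframe": "src", "audio": "src",
    "video": "src", "source": "src", "embed": "src",
    "link": "href", "object": "data", "form": "action",
}

class MixedContentFinder(HTMLParser):
    """Collects http:// subresource references from an HTML document."""
    def __init__(self):
        super().__init__()
        self.findings = []

    def handle_starttag(self, tag, attrs):
        wanted = FETCH_ATTRS.get(tag)  # None for tags that load nothing, e.g. <a>
        for name, value in attrs:
            if name == wanted and value and value.strip().lower().startswith("http://"):
                self.findings.append((tag, value.strip()))

def find_mixed_content(html):
    finder = MixedContentFinder()
    finder.feed(html)
    return finder.findings

def upgrades_insecure_requests(headers):
    """True if a Content-Security-Policy header carries upgrade-insecure-requests."""
    for name, value in headers.items():
        if name.lower() == "content-security-policy":
            directives = [d.strip().lower() for d in value.split(";")]
            if "upgrade-insecure-requests" in directives:
                return True
    return False

# Constructed sample page and response headers (not taken from the thread).
SAMPLE_HTML = """
<link rel="stylesheet" href="http://example.com/wp-content/themes/demo/style.css">
<script src="https://example.com/wp-includes/js/jquery.js"></script>
<img src="http://example.com/wp-content/uploads/logo.png">
<a href="http://example.org/">plain link, not a subresource</a>
"""
SAMPLE_HEADERS = {"Content-Security-Policy": "upgrade-insecure-requests"}

if __name__ == "__main__":
    for tag, url in find_mixed_content(SAMPLE_HTML):
        print(f"<{tag}> loads {url}")
    print("CSP upgrade active:", upgrades_insecure_requests(SAMPLE_HEADERS))
```

The directive only rewrites the request to `https://`; a resource whose host does not serve HTTPS will still fail to load, so the listed URLs are worth fixing at the source.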

I changed it back to full SSL strict because it was working fine without the plugin activated. Do you think I should go back to flexible and try updating the htaccess file? I appreciate your help a lot sdayman!

Generally, “Flexible” should always be avoided; it completely breaks whatever security SSL might provide.

If it is working on “Full” why would you consider switching back? Or did I misunderstand and it is not working?

I switched it to flexible at first, but then once I realized it was the plugin I deactivated the plugin and switched back to full strict and it works. With flexible it was giving me the secure icon on about half the pages of the site even with the plugin activated. It was weird.

Excellent, “Full” is the way to go anyhow.

Ya, I wrote a message to the plugin developers, but it is weird because it is a needed plugin for Avada, which is one of the most popular themes. I feel like it must be a mixed content issue or something I’m not seeing. I’m not very technical so I greatly appreciate the help.

I assume you are referring to a WordPress plugin, right? Unfortunately my WordPress experience is approximately as profound as my experience in Ancient Greek, so I wouldn’t dare to comment on that bit.

Regarding Flexible and Full though, the former should be avoided as it makes Cloudflare connect to your server via HTTP. So it does not really matter whether the connection between your visitor and Cloudflare is encrypted, as that encryption will be lost and all data will be forwarded in plain text by Cloudflare anyhow, reducing HTTPS to a simple means to prevent others from sniffing data on the immediate network of the user but not providing overall and proper security any more.

My .htaccess suggestion also applies to any SSL mode, as it ensures all resources are set to https.

sdayman! That did the trick!
