Looks like, when we told CF to force https on our website it broke our checkout page. Our domain is automation-x.com, so it looks like CF is forcing https://automation-x.com onto all of our URLs. The problem is that, when a client clicks the “check out” button, it takes them to “https://automation-x.na3.securedcheckout.com/…” which is breaking the checkout page.
Is there a way to force the “https” onto all URLs without forcing “https://automation-x.com” onto all URLs?
We took the enforcement of the https off because it was breaking the checkout page.
No, it is not contradictory. What I’m asking is if there is a way to have CF add https to all URLs for a particular domain without adding the domain itself. It seems pretty straightforward to me and I can’t believe others haven’t run into the same problem, which would lead me to believe that there is a relatively simple solution for this problem. What I’m looking for is someone who can point me in the correct direction.
Your checkout seems to be an external page or provider.
What does happen exactly when CF proxy is enabled? “It breaks” is a bad description unfortunately.
I also don’t get the expected behavior yet. Force HTTPS without forcing it
You could achieve this by keeping HTTPS disabled, and just activate it for a specific folder under your domain with Page Rules. But it doesn’t make sense to me atm.
I am sorry but that didnt make anything any clearer. Cloudflare doesnt add any “domain”.
You will need to post the exact error description and ideally turn it on so that it is reproducible. As @MarkMeyer said, that appears to be a third party provider where Cloudflare would not take effect.
What I am asking is, can CL be instructed NOT to append all url’s with “https://automation-x.com/…” but instead simply append them with “https://…” If that were possible, the URL for the checkout page would not be appended to a URL that does not exist and thus would not not throw a 404 error.
Right now Cloudflare is active, however you have either disabled SSL altogether or set up a page rule to redirect to HTTP, hence there is no way to reproduce it.
Assuming your IP address is x.x.x.17 it would appear as if your server does not support HTTPS to begin with. That would also mean you are using Flexible mode, which is highly discouraged.
That is correct. Flexible SSL is the only option we have right now due to NetSuite Sitebuilder being our ERP. It’s a long and complicated explanation, but one that we have explored thoroughly. A flexible SSL is the only way we can go right now.
That basically means you dont have SSL encryption, which is relatively bad especially for e-commerce. I can only advise to switch to another provider if the current one cant provide such a basic service.
Yes, I understand. It’s really a conflict of interest. We pay well into the six figures on an annual basis for the service we currently receive from NetSuite. To move up to the next level would cost approximately $100k more and the time to implement would be six months to a year. NetSuite wants its clients to move up to the next level in order to get the strong SSL, but we are not making enough in online sales yet to justify moving up to that level. So it’s a bit of a catch-22.
We had everything working with the flexible SSL. Everything except this one issue. I can’t believe there isn’t a solution for it. There has to be a solution.
I understand your issue, but in this case the only consequence could be to take your business elsewhere. SSL should not require an upgrade these days, especially not in an e-commerce context.
I understand - and I admit it might be easy to say for me - but given the current situation I dont think there is much of an alternative. If they sell business services and dont offer SSL there is no way they can be taken seriously.