Free Cloudflare is creating lot of problems

Anyone please help. My domain is registered on GoDaddy and my wordpress website is hosted on hostinger. I watched many tutorials of installing SSL on the website. I changed the DNS at GoDaddy and even changed the nameservers at my hosting at hostinger. I activated the Flexible SSL Plugin and also created page roles. I waited for 24 hours and there was no changes my website was still http. I again watched a video on youtube and this time I created certificate in cloudflare and copy pasted certificate, key and CA origin certificate also. Now the certificate is installed but it is invalid and showing red warning. http is now https but have red coloured strikethrough on it. I then changed name server back to default at my hosting and hostinger, please note that DNS Server are still of cloudflare at GoDaddy I changed Nameserver at my hosting. Still the issue persist. Please someone help it’s really urgent. I have given a lot of time but still feeling helpless.

Here is my website https://brentlott.com/

Hi @brentlott20,

We will need a bit more info to be able to help. What is the domain name, for starters?

So you have a Cloudflare Origin Certificate installed o your server now?

1 Like

You can visit brentlott.com

Yes the certificate is installed but it is invalid. Please Help!

https://drive.google.com/drive/folders/1-QgESDATZsVQ7CpoGXJ3HDeyjgON9DEA?usp=sharing

You can also see these screnshots.

The site loads OK for me, but has some mixed content. If you still get an error, you may be connecting directly to your server bypassing Cloudflare due to a cached value which should clear. —> Verifying propagation and caching issues when troubleshooting

As for the mixed content:

Mixed content errors mean that your website is being loaded over HTTPS but some of the resources are being loaded over HTTP. To fix this you will need to edit your source code and change all resources to load over a relative path, or directly over HTTPS.

For example, if you load your images with a full URL:

<img src="http://example.com/image.jpg" />

You would want to change this to:

<img src="//example.com/image.jpg" />

By removing the http:, the browser will use whichever protocol the visitor is already using. An alternative option would be to enable the Automatic HTTPS Rewrites feature that can potentially fix these errors for you automatically. Do be aware that resources loaded by JavaScript or CSS will not be automatically rewritten and mixed content warnings will still appear.

See this Community Tip for further details

3 Likes

I understood the mixed content problem but can you please tell how to troubleshoot that connecting directly to your server bypassing Cloudflare due to a cached value. Also according to you should I use full or flexible option?

That should be covered in the tutorial I linked to at Verifying propagation and caching issues when troubleshooting

Flexible should never be used, since you have configured an origin certificate, you should use Full (strict).

1 Like

What about the Flexible SSL Plugin. Should I delete that?

Please reply, I have flush the cache value from Command Prompt. Now just guide me how to get a normal Pad Lock sign and should I delete Flexible SSL Plugin?

You shouldn’t need the Flexible plugin now you have configured it properly with a certificate and Full (strict). As for the issues, it loads fine on my end but you still have some mixed content problems that need to be addressed.

1 Like

I have activated a plugin SSL Insecure Content Fixer. Will that work to troubleshoot mixed content problem?

Seems to be resolved now.

1 Like

Yes, now everything is sorted. Please check for the last time at your end and confirm all the certificate settings are normal or not.

It all looks OK to me :+1:

1 Like

Thank You very much. One last thing should I have to add a new property of https in my Google Search Console?

That is generally unrelated to Cloudflare, but it depends what you currently have set up on your Search Console. If you have a domain property then this already covers all URLs across http or https. If, however, you have a URL property then it may just cover http, so you may then need to add a new property for the https version.

2 Likes

Hey Buddy,

1st) When it comes to WordPress, GoDaddy, HostGator, Hostinger, are the worst choice ever!
2nd) Try companies specialized such as SiteGround, WPengine, Kinsta, Pressindium. Their support and server are really a big deal. Trust me, I use SiteGround.
3rd) U can edit your Php.ini so that you forces the loading of https or you can use the hosting companies I said above because all of them have this automatic https function just one or two clicks away from you.

Your domain is a litle “short” on security, its ok but it barly works,
check here for advices on how to improve security
https://webcheck.pt/en/results/brentlott.com/
maybe it helps

This topic was automatically closed after 30 days. New replies are no longer allowed.