How can I get Cloudflare to work with PHP code?

I have a website that is a combination of HTML and PHP coding. Under this site ( are two subdomains which are coded with PHP. I get the green padlock with the main domain, but not with the subdomains. The way I understood the Cloudflare is that once I have Cloudflare set up anything that is in my domain will be secure and show the green padlock. This is not happening. My host is Hostwinds. . What am I missing here?

If the DNS entry here is set to :orange:, you can configure TLS here. Generally, once you set SSL for the main domain, it carries over to the subdomains as well.

How the website is coded doesn’t figure into TLS configuration.

If you’d like more detailed feedback, post the subdomain(s) that aren’t :lock:.

I am having some serious issues with my primary domain which is a combination of PHP, HTML and some proprietary coding. That domain is How can I remove Cloudflare from this domain. It is working fine with my other primary domain which is entirely HTML coding. It is just messing up my weather station domain (the domain). This is important to get cleared up.

That site is not using a Cloudflare cert, is not redirecting to HTTPS and has mixed content issues.

The nameservers are not pointing to Cloudflare so you already appear to have removed it from :logo:


Then why am I getting the following:

That image is not loading for me. As you have replied by email, try logging in to and posting it.

The domain is currently pointing to and, not Cloudflare

Attached is an error (at least that is what I am calling it) and want to get rid of it.

That’s “Under Attack” Mode. Usually set from the Firewall settings page for Security Level, or as a Page Rule.

Or it’s a Javascript Challenge set up elsewhere in your Cloudflare dashboard.

@sdayman, the nameservers aren’t pointing to Cloudflare.

Try clearing your browser cache @twills16

But…but…that’s the Cloudflare JavaScript challenge screen. :thinking:

1 Like

I know!! :joy:

@twills16 . Do you still see the Cloudflare Javascript challenge page when you try to visit that site after clearing your cache?

Yes, I have cleared the cache on my browsers. Where do I find the Javascript that is doing this? I have never is all the years of running my weather station websites have a DDoS. It was only after going with the Cloudflare that my problems started. I have a 2nd primary domain which is strictly HTML coded and no problems. It’s just this domain where it is a mix of PHP, HTML and some proprietary code that this has happened.

Some image is serve from http that why you not get green padlock
Mixed Content: The page at ‘’ was loaded over HTTPS, but requested an insecure image ‘’. This content should also be served over HTTPS.

This topic was automatically closed after 31 days. New replies are no longer allowed.