How do I check to make sure

Sandro,

In your last response you gave me, you said that I should also be aware that my site is still insecure as I have no valid certificate on my server and an insecure legacy encryption mode on Cloudflare. You said I should change the latter to Full Strict.

I asked you how to do that. I never did get a response back from you regarding this.

So I made a web capture image of the comment you made regarding this issue and my replies. You may have to expand it to see it clearly. Clicking on it twice will expand it.

Please tell me whether or not my replies and the images of what I think you were referring to corrected the problem.

If it is not what you were referring to, then tell me how to get it fixed because I want to make sure my website is secured.

1 Like

Yes, I am afraid you’ll be using said legacy mode right now, which is why the site and its content are still insecure and served in anunencryped fashion. To fix this, you only need to change your encryption mode to Full Strict and configure a free certificate on your server. Why you should choose Full Strict, and only Full Strict has all information on that.

Follow these steps in exactly this order.

  1. Pause Cloudflare - Pause Cloudflare · Cloudflare Fundamentals docs
  2. Set your encryption mode to Full Strict
  3. Install said valid certificate on your server (e.g. Let’s Encrypt or an Origin certificate) - contact your host if necessary
  4. Verify if your site loads fine on HTTPS - if it does not, contact your host
  5. Once it loads fine on HTTPS, you can unpause Cloudflare
  6. Verify that you use Full Strict again
  7. The site is secure at this point
1 Like

How do I find my site’s encryption mode settings?

As mentioned, Why you should choose Full Strict, and only Full Strict has all information.

1 Like

Okay. Sandro, I will need your help on this issue. I’ve completed steps 1-8 on “Deploy An Origin CA Certificate.” I need to make sure I’m selecting the correct Key Format and it is dependent on the type of server I’m using. How do I find out what type of server I’m using?

Nginx

1 Like

I was told that my site is still insecure as I have no valid certificate on my server and an insecure legacy encryption mode on Cloudflare, and that the latter should changed to Full Strict.

I followed the steps as best I could.

  1. I changed the encryption mode to Full Strict.

  2. I copied the contents of Orgin CA Certificate and Private Key and pasted them into Wordpad.

  3. I then upload those files to the folder on InfinityFree where I uploaded files to my website.

To get there, I click on the “Home” tab and then click on “File Manager.” This takes me to Monsta FTP. Then I clicked the folder containing the files to my website and uploaded the Orgin CA Certificate and Private Key files there.

After step 3, I got confused.

But I’m still having problems. My website is showing the “Not Secure” notice again. It could be that I did not configure the certificate. Can someone explain to me how that is done, please.

I wanted to post more screenshots but because I’m new here the system will only allow me to post one.

Actually, you must not upload it as web content. You need to configure your web server for it. The mentioned links actually cover that too, but that’s primarily something for your host to configure.

As mentioned

1 Like

This topic was automatically closed 3 days after the last reply. New replies are no longer allowed.