How to configure Universal SSL to ignore origin server's 443 content

I want to use the Universal SSL ‘Flexible’ option to present my site’s content over SSL.

However, my web host, in addition to hosting my content on port 80, also hosts a nag page on post 443, to say that SSL is disabled (and available for an additional fee).

If I enable Cloudflare’s Flexible SSL option, the origin server’s nag page is shown, instead of my content. Is there a way to force Cloudflare to ignore the port 443 content from the origin, and prefer the port 80 content?

Short answer: no, don’t do this.

SSL certs are available for free nowadays with Let’s Encrypt, etc. If your host is truly requiring you to pay to install an SSL cert, you need to find a new host. Any slightly competent host will have Let’s Encrypt (etc.) available for one-click at your origin, and you should then set your SSL mode in Cloudflare to Full - Strict.

5 Likes

While I agree, I should mention security isn’t a concern here. The site will be public, static content. Having SSL is purely for the SEO benefit (or more accurately, avoiding the SEO penalty of not having SSL).

So while I could look for a new host now and avoid the $30 fee to enable SSL, SSL between Cloudflare and the origin isn’t important to me, and it would be nice if Cloudflare exposed a way to ignore the origin’s SSL content when using ‘Flexible’ mode.

This really isn’t true: https://doesmysiteneedhttps.com/. There are privacy and security benefits for anyone using your website.

If your site is static, then you might want to just look at Cloudflare Pages and avoid an origin entirely. But what you’re trying to do with your origin currently is not advised.

3 Likes

Use a different origin or disable SSL altogether.

3 Likes

What about Origin Rules? Can I make a rule to redirect 433 traffic to port 80 on the origin server?

Neither, just follow the advice you already got from @cherryjimbo and @cscharff and either disable SSL (if you don’t need it, as you mentioned) or make sure your server is properly configured. Everything else will only break your site and will be deceiving to all your visitors, which naturally is a no-go as well.

With your use case you probably best look into Pages, as @cherryjimbo suggested.

This topic was automatically closed 3 days after the last reply. New replies are no longer allowed.