HTTPS not working - The "Always use HTTPS" options doesn't work

Hi, I’m new to cloudflare and hosting websites and I wanted to secure a website: coronaspreadsim.me . I have the two nameservers linked to my domain and when I try to enable the “Always use HTTPS”: option, my website just stops loading altogether, with the buffering circle on chrome.

Can someone help me with this?

Did your site have HTTPS before you added it to Cloudflare? It doesn’t seem to have it now.

No, I didn’t have it before either. I just wanted to get rid of the connection not secure message on the top left.

Perhaps switch ssl to flexible until you get a cert on the origin server?

Yep, that was it. I’m fairly new to this. Thank you.

1 Like

Staying-on-Flexible-for-good coming in 4, 3, 2, 1,

@gomgom03, you do realise your site is on Flexible just as insecure as it always was, right?

1 Like

Yea, I was just looking for a away to get rid of the insecure message on the top left. I don’t think there’s any exploitable data in this website.

I tried to set up ssl on my server but since i have student aws, I don’t have access to put in ssl keys. I also tried letsencrypt which didn’t work with domain hosting service. I think I am fine for now.

As long as you do not have a certificate on your server, your site is not secure by definition. You are still on HTTPS.

Yeap, I’ll have to look into a new server to host it on. Aws student it just too limited

That’s only half the issue. If someone intercepts your insecure connection, they can inject malware links and other harmful content.

1 Like

Thanks for the replies. Do you know if there is a way on aws to store SSL keys without having to go through AWS certificate manager?

Currently, I have the “Automatic HTTPS Rewrites” option on and my website is coronaspreadsim.me . When I type this and click enter, I go to http://coronaspreadsim.me rather than the https:// version. The https version definitely works but I don’t know what the problem is.

Thank you in advance.

Create a Page Rule to redirect to https

http://yourdomain.com/*
Forwarding URL -> 301 -permanent redirect
https://yourdomain.com

As well as the Page Rule redirect @MarkMeyer mentins, you can force all traffic to HTTPS, using the “Always use HTTPS” feature within the Edge Certificates tab of the Cloudflare SSL/TLS app. This has the added advantage of adding the Secure flag to most Cloudflare cookies.

2 Likes

This topic was automatically closed after 30 days. New replies are no longer allowed.