My Site is down instantly once I clicked always https (I have a pro account)

ssl
autohttps

#1

My site is totally down once I click the awalys https. Any urgent help?


#2

I can’t quite make out the domain from your screenshot. What is it?


#3

Just created one screen record at https://videodocs.ethicalead.com/video/play/VplyFYpBlI2UQk9f_QSshQ==

Website is at iqlikmovies.com
:frowning:


#4

I suspect your server doesn’t have any type of SSL certificate for your site. Try changing your SSL to Flexible.


#5

My crypto tab settings details:

SSL: Flexible
Universal SSL Status: Active Certificate (green color)

Always use HTTPS
Off

Automatic HTTPS Rewrites
off

Disable Universal SSL
Enable


#6

These above are the settings currently. And I have done the SSL status as flexible as per your suggestion.
Anymore settings to do?


#7

Clearly your server works with HTTP, which is what Flexible SSL uses to contact your server. I don’t know why using HTTPS all of a sudden makes your server unreachable.

Now is the time to contact Support: support AT email DOT com
or https://support.cloudflare.com/hc/en-us/requests


#8

Thanks Sdayman. I have issued a ticket. I wish they sort it :frowning:


#9

It’s working for me!? There’s a mixed content issue but:

image


#10

Great! If @jinnia feel confident the “Always Use HTTPS” is stable, she can move on to enabling “Automatic HTTPS Rewrites” and tracking down anything left that’s still using HTTP.

As I usually suggest, if one has access to their .htaccess file, the add this line:
Header always set Content-Security-Policy "upgrade-insecure-requests;"


#11

Yes Mark, It is working fine it seems.

Sdayman,
Yes I have enabled the "Automatic HTTPS Rewrites”. So you r suggesting to add this code in the htaccess file as well? Then need to inform this to the developer for adding.
:slight_smile:


#12

Yes, that line in htaccess will tell the visitor’s browser to use HTTPS for everything on your site. Cloudflare’s settings do a pretty good job, but sometimes Javascript sends an HTTP URL straight to the browser. “upgrade-insecure-requests” will catch anything Cloudflare doesn’t rewrite.


#13

Thanks a lot Sdayman,

I have updated that to the htaaccess file.
:grinning: