My site is still not secure even after signing up for CloudFlare

Untitled · July 7, 2021, 4:13am

Hello!

My Namecheap SSL expired, so I signed up for Cloudflare’s free plan.
The problem is: I keep getting the “Not secure” warning, even in incognito.

My domain is: cielomatica.com

Thanks in advance!

leonard · July 7, 2021, 4:30am

Hi there,

Looking at your site cielomatica.com, it looks like there’s a Cloudflare Universal SSL being served. It may have been a slight delay in the deployment.

Could you let us know if you are still facing any issues?

Best regards,
Leonard

sandro · July 7, 2021, 5:38am

Yeah, you can’t really do that. You still need a valid certificate on your server, otherwise you’ll certainly have a broken and untrusted SSL connection. Plus, you’ll have an insecure encryption mode on Cloudflare too.

In short, your site is currently insecure.

Untitled · July 7, 2021, 3:04pm

Thanks, Leonard, for your quick reply.

It certainly seems to be a propagation delay, specially on my ISP’s side.
When I switch to mobile data on my phone, the site appears as secure now. However, when the same phone or any other device is connected to my home’s WiFi, it is still displayed as “Not secure”.

Diagnostics sites such as www.whynopadlock.com mark my site as being secure, and with good scores overall. Also my SSL plugin for WordPress detects a valid certificate and sees the site as secure.

I guess I’ll just have to wait a little longer for the propagation to take full effect.

Untitled · July 7, 2021, 3:12pm

Hello Sandro, and thank you for replying.

I already changed my nameservers to point to Cloudflare, so Namecheap couldn’t force to pay for their SSL plans. That’s the whole point for me to be using Cloudflare in the first place, as I have seen others in a similar situation achieve this with success.

Like I was telling @leonard in my previous reply:

This reinforces my theory, but I guess we’ll have to wait and see.

sandro · July 7, 2021, 3:14pm

As I said, if you don’t have a valid certificate on your server you’ll have a broken SSL setup and an insecure encryption mode on Cloudflare. The only secure encryption mode is “Full strict”, everything else is not secure.

There are plenty of free certificates out there if money is the issue.

Untitled · July 8, 2021, 7:08pm

I tested again after more than 24 hours and now the site appears as secure everywhere I have checked. So it seems like it was the deployment delay issue @leonard was talking about.

Thanks to everyone for your help!

sandro · July 8, 2021, 7:08pm

Then change the encryption mode to “Full Strict” and you are good to go.

system · July 11, 2021, 7:09pm

This topic was automatically closed 3 days after the last reply. New replies are no longer allowed.

Topic		Replies	Views
"Successfully Added Cloudflare to My Namecheap Domain, but Website Still Appears Unsecured - Need Help!" Security Center	4	1317	September 18, 2023
Not able to secure site Security	18	2340	March 27, 2021
Cloudflare is now protecting your site but not secure Security	17	915	January 15, 2024
Site still "not secure" Security	9	2490	May 31, 2020
Domain name servers changed to cloudflare, but my website it's still not secure Security dns , dash-ssl-tls	6	2668	May 27, 2019

My site is still not secure even after signing up for CloudFlare

Related topics