My site is still not secure even after signing up for CloudFlare


My Namecheap SSL expired, so I signed up for CloudFlare’s free plan.
The problem is: I keep getting the “Not secure” warning, even in incognito.

My domain is:

Thanks in advance!

1 Like

Hi there,

Looking at your site, it looks like there’s a Cloudflare Universal SSL being served. It may have been a slight delay in the deployment.

Could you let us know if you are still facing any issues?

Best regards,

Yeah, you can’t really do that. You still need a valid certificate on your server, otherwise you’ll certainly have a broken and untrusted SSL connection. Plus, you’ll have an insecure encryption mode on Cloudflare too.

In short, your site is currently insecure.

Thanks, Leonard, for your quick reply.

It certainly seems to be a propagation delay, specially on my ISP’s side.
When I switch to mobile data on my phone, the site appears as secure now. However, when the same phone or any other device is connected to my home’s WiFi, it is still displayed as “Not secure”.

Diagnostics sites such as mark my site as being secure, and with good scores overall. Also my SSL plugin for WordPress detects a valid certificate and sees the site as secure.

I guess I’ll just have to wait a little longer for the propagation to take full effect.

Hello Sandro, and thank you for replying.

I already changed my nameservers to point to CloudFlare, so Namecheap couldn’t force to pay for their SSL plans. That’s the whole point for me to be using CloudFlare in the first place, as I have seen others in a similar situation achieve this with success.

Like I was telling @leonard in my previous reply:

This reinforces my theory, but I guess we’ll have to wait and see.

As I said, if you don’t have a valid certificate on your server you’ll have a broken SSL setup and an insecure encryption mode on Cloudflare. The only secure encryption mode is “Full strict”, everything else is not secure.

There are plenty of free certificates out there if money is the issue.

I tested again after more than 24 hours and now the site appears as secure everywhere I have checked. So it seems like it was the deployment delay issue @leonard was talking about.

Thanks to everyone for your help!

1 Like

Then change the encryption mode to “Full Strict” and you are good to go.

This topic was automatically closed 3 days after the last reply. New replies are no longer allowed.