My ssl is not working
This website is not secure and isn’t showing https either. please help.

Mixed content, do a search for that here or on a search engine and you will find plenty of results!

1 Like

Actually, I don’t think so. I had the problem of that before. but this time it shows " Your connection is not private" when forced to https. I don’t think it’s the problem of mixed content.

Based on what do you not think so?

All the evidence so far speaks in favour of @domjh’s observation.

1 Like

I checked the re-write to https in clodflare encryption settings.

And also, when I had the problem of mixed content previously for another project, chrome was indeed showing https in the first place and a i button too which showed ‘mixed content’. this time, it’s not the case. it’s showing connection not secured entirely. also, on forcing https, the site doesn’t open and shows the same error. I cleared the cache and tried too.

Well, at this point it is not mixed content anymore, but you must have removed the certificate from your server or misconfigured it somehow else. Thats a completely different issue now.

Hi @samratduttaofficial, the Automatic HTTPS rewrite function of the SSL/TLS app does not work on all http calls, there are limitations. In this case, I don’t even get to the mixed content issue, like @sandro, I see a 526 errror, here is a tip on that Community Tip - Fixing Error 526: Invalid SSL certificates. You have a self-signed certificate on your origin, so on the SSL/TLS app, can you please turn ssl to Full?

Actually, it’s turned on to ‘Full’ I am attaching kind of a screenshot of the ‘crypto’ page here.

And now it works again and is back to mixed content.

My advice, fix the mixed content and install a valid certficate and switch back to “Full strict”.

1 Like

That worked, ssl is enabled and the cert is issued. Some errors on the page:

Mixed Content: The page at '' was loaded over HTTPS, but requested an insecure image ''. This content should also be served over HTTPS. Cross-Origin Read Blocking (CORB) blocked cross-origin response with MIME type text/html. See for more details.
Cross-Origin Read Blocking (CORB) blocked cross-origin response with MIME type text/html. See for more details.

Well, I solved the Bgpic problem. I turned it to https, but now the background picture os not showing anymore and the rest of the problem is still there. Let’s suppose there are some mixed content problem, I can fix that later. First I don’t know what to do with the invalid certificate problem.
Well, I’m pretty noob in this, so please don’t mind if I’m acting stupid.

According to @cloonan you have a self-signed certificate, which is not publicly accepted and hence not valid. I’d recommend to either get a LetsEncrypt certificate or a Cloudflare origin certificate. Both are free.

I have a shared Cloudflare Universal SSL certificate. That’s the free certificate given by Cloudflare itself. I also just made a origin certificate, but Origin Certificates are only valid for encryption between Cloudflare and your origin server. So, I don’t think that’s the problem either.

That is precisely the problem for your 526. You need a recognised certificate for the latter connection and you currently dont have one. Configure the origin certificate and the 526 should disappear. Of course this wont fix the mixed content, but thats a different issue to begin with.

1 Like

The support team from Cloudflare said, I can use the ‘Flexible’ mode without using origin certificate, which is the porblem currently. So, one issue is fixed. But, they said this " Because your origin is forcing https and the request is then redirected to Cloudflare where Cloudflare again tries to send the same http request, an infinite loop is occurring. I was able to confirm your site is indeed enforcing a HTTPS redirect." … How can I fix this? I checked my htaccess is not doing this, so, what’s causing it?

Someone should get that support team a good beating. That is bad advice.

You can, but you definitely should not. You already have an origin certificate. Configure it and switch to “Full strict” and your SSL connectivity issue will go away.

Well, my bad luck is that, my hosting provider says, " Cloudflare’s Origin Certificates are not valid certificates. Cloudflare is not a recognized SSL vendor, so their “Origin Certificates” cannot be uploaded" … so, please tell me how to properly use the ‘flexible’ option instead.

But you had a self-signed certificate configured? I’d strongly advise to switch to another host in this case. If you need to stay with this host your only other option is to have a LetsEncrypt certificate issued - or any paid one of course.

There is no way to do this properly. Flexible should never be used.

This topic was automatically closed after 30 days. New replies are no longer allowed.