My website acts strange, and doesn't load in Safari

Hi, I have a website set up with iFastNet and WordPress. I changed my nameservers to the ones Cloudflare gave me in my domain register, and I got SSL from Cloudflare.
The problem is that my website doesn’t load in Safari? It loads in Chrome on desktop, but it doesn’t load on Android browsers.
It does sometimes for a bit, and then it’s back to refusing to load.
The address is www.thesimple.ml, which should redirect to thesimple.ml.
I have spent days now trying to figure out what’s wrong and I just can’t.
Any help would be appreciated. Thank you.
Below this I have replied to my own post with a screenshot of how my Cloudflare is set up.

It didn’t let me upload more than 1 picture as I’m a new user, but here is how iFastNet’s cPanel set it up for me.

Issue #1, you do not have a valid certificate on your server. Considering your site still loads you must have an insecure encryption mode on Cloudflare. That should be fixed first. Configure a valid certificate on your server and make sure you are on “Full strict”.

1 Like

Isn’t Cloudflare the certificate? They issued me one. I have Cloudflare on “Full”.

No, you need a valid certificate on your server and “Full” is not really safe as that does not validate the certificate (which is why your site loads).

1 Like

I will try. Thank you!

Not working :confused:
Installed a certificate from Let’s Encrypt in cPanel from my hosting but it’s still not loading in Safari at all.
It loads in Chrome if set to Full, but when set to Full (Strict) it says Invalid SSL certificate.

You do appear to have a valid certificate now and “Full strict” should work. Can you set it to “Full strict” and post here once you set it?

1 Like

It is on Full strict now
Edit: At this point I think it’s just a Safari thing.

All right, that’s not an encryption mode issue then but your proxy certificate does not seem to be issued yet. Can you check your edge certificates? Maybe try to disable Universal SSL, wait 30 minutes, and re-enable it.

1 Like

I purged the cache in Cloudflare and flushed my own DNS cache and it opened.
The issue was the certificate on my server!
Thank you so much, Sandro!! You’ve saved me so much stress

Edit: Back to square one. Lol. I’ll wait and see what happens. Maybe things are still updating.

My pleasure. But do double check if it really works, because I am currently getting here very different responses. Partially it works, partially I get an SSL_ERROR_NO_CYPHER_OVERLAP error, which would indicate a missing proxy certificate.

1 Like

Yes, it seems to work at times and then not to?
Maybe I just need to wait for the proxy certificate to be issued?

Can you post a screenshot of the full page at https://dash.cloudflare.com/?to=/:account/:zone/ssl-tls/edge-certificates?

That’s odd. That all looks okay, nonetheless I do not seem to get a certificate from Cloudflare

$ openssl s_client -connect www.thesimple.ml:443 -servername www.thesimple.ml
CONNECTED(00000003)
3070152720:error:14094410:SSL routines:ssl3_read_bytes:sslv3 alert handshake failure:../ssl/record/rec_layer_s3.c:1544:SSL alert number 40
---
no peer certificate available

Even though everything seems to check out, I’d still try to disable Universal SSL for 30 minutes and then enable it again. Maybe something is stuck somwhere, but you might also need to contact support at some point. The thing that baffles me even more is that it occasionally seems to work, almost as if some PoPs had the certificate and some didn’t.

But for starters I’d try to reset the Universal certificate.

I’ve disabled it, and I’ll re-enable it in 30 minutes. And right? I knew something’s up because my other websites work. It’s just this one that has this issue, and they’re all configured the same as this one. They didn’t even have server certificates yet they still worked on Full encryption. If that doesn’t work I’ll just contact support. Thank you once again for your help and quick responses!!

No worries, IMHO there really is something stuck on Cloudflare’s side with the configuration for that domain. I can just hope disabling and later re-enabling it will fix that, otherwise you’d probably really need a support ticket as support will manually have to fix that.

I noticed you re-enabled it, but the certificate still isn’t there. Interestingly enough, it does seem to be returned for the naked domain but not for the www record. Opening a support ticket would be the best course of action at this point. Refer in the ticket to this thread and post the ticket number here too.

1 Like

Thank you! I will be opening one.
I noticed that the website opened when I typed in https://thesimple.ml, but not when I use the www.thesimple.ml address. So the address without the www. part (just thesimple.ml) redirects to the www.thesimple.ml website as it’s directory is in WordPress, but typing it in with the www part in the browser shows there’s no certificate.
But of course, that may not be the issue as sometimes it does, sometimes it doesn’t open. Weird. Contacted support about it, and I’ll update you on here with what the solution was!