My website is working on http, but not https, Dreamhost ISP

My website, patrickjcook.com, is working on http, but not https, Dreamhost is my ISP and Cloudflare is my Registrar. I’m not using the DH/CF integration, thee Cloudflare is separate. I’m hoping someone can help. Also, I haven’t installed a TLS and the .htaccess is empty, if that helps?

If I can provide any other info/screenshots, please ask. Thank you.

You are not proxying the website through Cloudflare and your origin doesn’t have a valid SSL certificate. Either you put a valid one on the server or you activate proxying (and ideally put a valid certificate at the origin too).

1 Like

Ok, How do I activate proxying? CF is set to full SSL, caching, etc. I somehow assumed that this meant that proxying was active. I’m a total noob, and quickly get lost in all of the acronyms and options available - especially with the new UI.

Sorry, you should click on the :grey: in the DNS tab, it will turn into :orange:. The records with :orange: are proxied. The DNS UI hasn’t changed, though.

1 Like

With the clouds in orange, I get a site not found error [from Dreamhost]. Lovely.

Because Dreamhost sometimes by default doesn’t allow HTTPS traffic, unfortunately I have already seen this happen. For the time being you would need to set the SSL setting to Flexible, it won’t be the best security-wise, but all rest is equal. Then do contact them to allow HTTPS traffic.

Thank you, so much! What should I ask/tell them?
Also, should I install the free TLS from Cf on their server?
And, finally, should I bother with the Lets Encrypt SSL on their server?

FYI, I switched to Flexible temporarily.

Simply to enable HTTPS, it’s 2019, they should include it by default. If they won’t budge change host.

One or the other. For sure do not pay a cent for an SSL cert or anything to enable HTTPS. The first is free and up to 15 years in duration, the second may be already automatically supported in which case go for it.

edit don’t know if you already did, but enable Always Use HTTPS on the Crypto dashboard, do not do any redirects on the origin if possible, especially http to https ones. Use page rules and Always Use HTTPS.

1 Like

What about Opportunistic Encryption and Automatic HTTPS Rewrites?
On or Off?

I would probably turn them on, the first one doesn’t really care with the automatic redirect to HTTPS, the second can resolve mixed content issues, which can cause issues. You should resolve them server-side, but this can help.

1 Like

So, DH had me switch to Full (Strict), Disable Universal SSL, wait for propagation, Re-enable Universal SSL, and, finally add SSL on DHs end. I’m waiting for the certs to be issued right now [I’ve added three sub-domains since asking the question].

I don’t understand this though. They would have either instructed you to disable proxying to issue the certificate (which is the wrong way of doing things, since you would need to periodically disable proxying to re-issue) or done nothing. That way of doing things would only create issues.

I don’t know… I have no certs on . their end and I have an interview in the morning. I’m bringing my laptop, just in case-I can always run on local.
The tech indicated this was a standard fix for Cloudflare?! Fingers crossed.

It could be, it depends on their infrastructure, not on Cloudflare’s. Unfortunately not all hosts know what they are doing, nor the tech departments know how to deal with third-parties even though everything is basic knowledge.

2 Likes

This topic was automatically closed after 30 days. New replies are no longer allowed.