Need help with how my web address is configured through my cert

Hello,
I am so glad I found Cloudflare and using their services. I was able to setup a certificate yesterday for my site “www.nickivanovich.com”. As of this morning it appears to be loading with my Cloudflare certificate.

But from my Certificate settings, is there a way I can also guarantee that if someone types in “nickivanovich.com” into any browser, that it will go specifically to “https://www.nickivanovich.com”. Right now it does not. It instead goes to “http://nickivanovich.com” which I do not want.

This is what my current cert looks like…

Many thanks on the tips!

The problem is your server does not have a valid SSL setup. That’s something you need to fix on your server and for which you need to talk to your host.

Plus, your encryption mode on Cloudflare will be insecure as well, which you also have to fix once your server certificate is up.

Just to clarify, when you say server, do you mean where the domain name lives, or where the actual web site lives? If the latter, I am using Heroku to load the site. I am not on an Heroku SSL plan.

Exactly.

That’s the issue I referred to. You need to have a valid SSL setup there too.

According to the Heroku docs, activating SSL on my website is a paid service - Heroku SSL | Heroku Dev Center

I assumed I could create an https certificate through Cloudflare to use on my free Heroku account. Is that not the case?

It is not. For a secure connection you certainly need SSL on your server. I am not sure why it is paid there and if it is just for the certificate you can get a free one from many places, but you still need to configure it on your server.

What you got on Cloudflare so far is only the proxy certificate.

Also, I read through this guide on Cloudflare, and it does not say that I have to have an active SSL setup on Heroku in order for my Cloudflare certificate to be qualified for the process - Configure Cloudflare and Heroku over HTTPS – Cloudflare Help Center.

Perhaps my certificate is just misconfigured slightly?

It currently throws an error, so it’s difficult to tell if it is misconfigured or not configured at all.

But you obviously need a certificate on your server, otherwise you can’t establish an SSL connection. Either get an Origin certificate from Cloudflare or an LE one, upload it to your server, and you should be good to go.

Thank you so much for breaking down the truth on what truly needs to be done. To a degree, I felt I’ve been decived on this entire setup process from the start, which is why I’m very happy I came here to get honest advice. Thank you! My real journey now begins!

I am sorry, that is true, Cloudflare is relatively intransparent when it comes to that and makes it look easier than it is, respectively that you do not need a certificate on your server, which simply is not true.

In this case all you need is a valid certificate which you can get from any paid provider or for free from letsencrypt.org (here in particular GitHub - acmesh-official/acme.sh: A pure Unix shell script implementing ACME client protocol is a simple Unix client to acquire the certificate itself) or an Origin certificate from Cloudflare. The latter will be the most simple approach, it does require proxying though.

For an Origin certificate you’d just go to https://dash.cloudflare.com/?to=/:account/:zone/ssl-tls/origin and create said. You’ll then have the public certificate part as well as the private key, which both need to be configured on your server. Optionally you might also need the root certificate from Managing Cloudflare Origin CA certificates – Cloudflare Help Center

Actually, that last link explains the whole setup step-by-step too.

1 Like

This topic was automatically closed 3 days after the last reply. New replies are no longer allowed.