I know how to activate free SSL and turn on “Always Use HTTPS”, both domain and sub-domain will be force to use SSL for all traffics.
But here’s the problem, the domain has been running for few years that many pages contain image links which is non-SSL. If “Always Use HTTPS” is turned on, some browsers (like Firefox) will block parts of the web pages (non-SSL contents) to be loaded, and this resulting the web page for not rendering/working properly (some images missing) at end-user browser.
So turning off “Always Use HTTPS” will fix the problem. but then the sub-domain will have problem. The sub-domain is programmed to redirect non-SSL to SSL by default.
CloudFlare will now redirect SSL to non-SSL.
But the sub-domain will then redirect non-SSL to SSL.
This creates an endless loop of redirection and causing the sub-domain to be inaccessible at end-user browser.
So, I propose to have a new feature that is to Activate the [Always Use HTTPS] per each domain and sub-domain:
Hi, after some testing. I found that “Page Rules” is actually not needed to be involved in this case. After I have set the default “SSL” to “Full (strict)” mode, CloudFlare will not perform any redirection of “http” or “https”. CloudFlare will serve whatever as it is type by end-user.
If the user key in “http”, CloudFlare will load the “http” version from the web server.
If the user key in “https”, CloudFlare will load the “https” version from the web server.
So, what I need to do is:
For the root domain:
disable SSL at my web server
redirect all “https” to “http” at my web server
For the sub-domain:
enable SSL at my web server
redirect all “http” to “https” at my web server
and “Page Rules” at CloudFlare is not needed to be configured anything.
Since the primary urgent concern is the sub-domain, so I will have no choice to leave the wordpress as it is at the moment… until some other time.
I think the best way to fix the wordpress is by reinstalling everything start from scratch with “https” at the very beginning. That… will be the story for another day. Reinstalling wordpress and plugins are still ok, but, there are lots of articles… re-importing the articles still require to fix all the posts one by one… arh…
Have a look at “Automatic HTTPS Rewrites” on Cloudflare, respectively at CSP: upgrade-insecure-requests - HTTP | MDN. Both features will allow you to move your content to HTTPS without manually adjusting everything.