Not able to secure site

Hi all

My domain is www.tonymarkides.com

I’m not very familiar with SSL, just trying to make my page secure, so please bear with me.
I signed up for a free SSL from cloudflare, followed all the instructions, changed nameservers etc. I did the core setup, health check shows all is ok, apart from MX (which has something to do with email settings I believe. Not sure if this affects).

My website is still not secure.
When I click on the “Not secure” text next to the url bar in chrome, it says the certificate is invalid. I don’t know if this helps, but I originally managed my site with wordpress, which I now deleted from my hosting (godaddy). When I was using wordpress, I tried to install an SSL from letsencrypt I believe. I didn’t really know what I was doing so not sure if any traces of that still remain and cause the issue somehow. I’m saying this because, again, when I press on the “Not secure” text in the browser window and then on the “certificate: invalid” line, it says valid from 13 March, which is the day I installed the letsencrypt one.

Hope the above make sense. Any help would be appreciated.

thanks!

Cloudflare does not provide that. Your site needs to be secure on HTTPS in the first place, without Cloudflare. Was it secure before you added it to Cloudflare? If not you should first talk to your host.

That does not seem to be the case as you only have a self-signed certificate on your server, which is also the reason for the 526 error.

You need to replace this with a properly valid certificate. Either talk to your host about that so that they replace that or get a Origin certificate issue from Cloudflare at https://dash.cloudflare.com/?to=/:account/:zone/ssl-tls/origin and configure it on your server (you might still need to contact your host for the details on that).

ok, seems I misunderstood what cloudflare offers. I was under the impression that I could get an SSL certificate from cloudflare to make my domain HTTPS. So If I follow the process with the origin certificate, will I be able to achieve that?

Sorry to interrupt, but can we consider Cloudflare Origin Certificate as free? Since you don’t have to pay in order to generate the origin certificate.

Yes. Install the origin certificate in your server and you will get rid of Error 526.

Thank you for your help Sandro. I have now installed the origin certificate in goDaddy cPanel. Everything seems to have gone OK, however, site is still not secure.

could you have a look one more time please? I have turned on full strict protection in cloudflare settings

Try to ping your website and see what IP address you get. Is it starts with 104.x.x.x?

starts with 92.204.xxx.xx

That explains the issue. Your ISP DNS is slow in getting the latest DNS record.

Try change to another DNS resolver like 1.1.1.1 or 8.8.8.8.

So is this an issue I’m facing from my pc only? Will other visitors to my site have the same issue? I visited the site from my phone and finally it looks secure. How do I change the dns resolver?

Sure, and yes, you do have a certificate now and with Full strict you would have a properly secure setup.

Loading your page it actually does show as secure. Can you post a screenshot of what is not secure in your case?

That was not the context the OP referred to though. You still need a certificate on your server and Cloudflare can’t and won’t magically provide free SSL if that is not present. And for that you need to configure a valid certificate on your server and Origin certificates are one of several options here, which is why I suggested he had one issued, as that is often easier than Lets Encrypt.

Your server has that address, but are you sure that really is the address you resolve? If it is, it would be a propagation issue and might be fixed by now. Changing the nameserver is not really necessary, but you would need to check why you’d get the wrong address in this case.

Again, you should post a screenshot of the error.

I followed these instructions on how to change DNS servers on Windows and this seems to have solved the problem. My site now appears secure on all devices. My only question is, if I had to change the DNS settings to view my site as secure, won’t other visitors have to do this too in order to view the site as being secure?

I addressed this in my previous response. It probably was not necessary to change nameservers, but 1.1.1.1 will equally work for you.

As mentioned before your site is secure at this point, just make sure you have Full strict set.

I only managed to achieve the secure site only after updating the DNS settings. Full strict is now set and everything seems in order.
I’ve realized that it’s difficult to understand SSL while having gaps in more basic concepts such as DNS. So I’ll make sure to gain a better understanding of these.
Thank you Sandro and erictung for your help!

Check out support.cloudflare.com as well as #tutorials as they both contain a lot of information.

The primary issue was the incomplete SSL setup but you fixed that with the changes. The resolution issue was to be expected but that should have fixed itself after a couple of hours. Now it’s a bit difficult to say what exactly went wrong but if it works for you now, then you are good to go and the site itself has been secure ever since you configured the Origin certificate.

Have a look at the aforementioned resources as they cover most of Cloudflare, but if you have any further question just open another thread :slight_smile:

This topic was automatically closed 3 days after the last reply. New replies are no longer allowed.