Should be Full (Strict) SSL. Kindly have a look here for more information regarding correct SSL settings at the SSL/TLS tab on Cloudflare dashboard:
Would be good to use it.
Nevertheless, there are some tricks for example when cPanel users don’t enable this so the cPanel AutoSSL can be renewed each 60-90 days or so (as far as it needs and uses HTTP). Nevertheless, you can check the date on the AutoSSL certificate in the cPanel or some other way via openssl, therefore at least few days before it’s expiration date you disable Always Use HTTPS, after the process successfully renewed the SSL certificate, you re-enable it again.
In case it fails, you could do a few simple and easy steps from below as follows to renew your SSL certificate at cPanel hosting:
Use the “Pause Cloudflare on Site” option from the Overview tab for your domain at dash.cloudflare.com .
The link is in the lower right corner of that page.
Give it five minutes to take effect, then make sure site is working as expected with HTTPS without any error
Check with your hosting provider / cPanel AutoSSL / Let’s Encrypt / Certbot / ACME and renew the SSL it in case if needed
Only then, when your website responds over HTTPS, you should un-pause Cloudflare and double-check your SSL/TLS setting to make sure it’s Full (Strict).
I am not sure what that is. Some kind of AMP plugin for WordPress?
If so, then the AMP Real URL feature at Cloudflare could help you. You don’t have to remove anything or disable at your web hosting / origin server. It does the “background job” regarding SXG and SSL to show your domain instead of some Google AMP CDN link in the URL address bar of the AMP link when a visitor opens it from his mobile phone/Google search/Google News.
Furthermore, due to the WordPress, I would strongly recommend to run it over HTTPS, and there is actually an action like define('FORCE_SSL_ADMIN', true); for the wp-config.php to define it, if so:
In case you have some hard-codded HTTP links, Cloudflare has got the Automatic HTTPS Redirection and possible way to have Always Use HTTPS options (already asked and mentioned) to offer:
It can be difficult to keep track of my SSL and disable the “Always use HTTPs” when the renewal time nears.
Also I do not want to activate any AMP real URL.
So what might happen if I decide to keep “Always use HTTPs” disabled permanently and never use “AMP real URL”?
Your Website would be available via HTTP and HTTPS, hopefully you don’t have a caching plugin for WordPress and hopefully WordPress is set to work over HTTPS.
Otherwise, duplicate content on HTTP(S) version of URLs, some possible issue with the cookie login if you enter domain.com/wp-admin/ in the URL address bar and your Web browser opens HTTP, then upon success, you’re logged into (or not?) to HTTPS area and similar stuff could happen.
If your Website canonical link is set to HTTPS, while your scheme is HTTP, and your submitted sitemap is HTTP while you have both HTTP/HTTPS version of URLs, you might end up having duplicate content and some warnings/issues on Google Search Console.
Could be messy a bit, depending how WordPress is configured and how cPanel .htaccess file too.
Might be it’s all okay and working good “as-is”.
Always Use HTTPS would to redirect all requests from HTTP to HTTPS, therefore no duplicate content and similar issues.
If you are using a AMP plugin for WordPress, which adds the link element with “amphtml” URL, and if your Website is indexed on Google, I am not aware anymore, but in past I remember it throw some warnings and errors in the Google Search Console about AMP URLs not being met the guidelines and standards as they should be.
AMP Real URL fixes that.
That’s from my experience and viewpoint what I suppose could and would happen, if so.
Might be I am wrong about it.
Thank you for feedback.
I am glad if I can help and provide some useful information
Nevertheless, despite “Always Use HTTPS” and Cloudflare, you might already have the issue even without using Cloudflare and “Always Use HTTPS” option being enabled.
Unfortunately, a lot of websites are like that and owners aren’t enough technically skilled (we can’t know all the stuff right?) or doesn’t have someone else to check that few things for themself.
That’s to question your web hosting provider and might have to inspect how your web host is configured, for example like if it does the redirection from HTTP to HTTPS already or not, do you already have duplicated content or not and similar.
So, we both not saying it’s a good or bad, rather discussion what are the odds and benefits including the available options.
Furthermore, you can give Cloudflare a try for a month for free, always, see how it goes, ask questions here at the Community. We’d be glad to answer or discuss further possible solutions. Of course, if not suitable, you can always switch back
Thanks for the helpful advice, Fritex,
Yes, actually my site does have the HTTP to HTTPs and to www redirects correctly configured through htaccess. You can check my site homemade-circuits.com, it will always end up using www and HTTPs no matter how you search it.
I also wanted to inform you that as per your advice I have integrated Cloudflare with my site, and I have kept “Always use HTTPs” option disabled and hoping that now I won’t have the Auto SSL renewal issue every 90 days for my origin site.
I have also enabled Argo Tiered cache setting.
Except the above I have not touched anything else to make sure i don’t run into any unknown conflicts or issues with my site.
So far everything looks good, and I am not seeing problems with my site.
I checked my GSC and it is not showing any AMP related problems either.
Therefore so far everything looks good.
My biggest concern is the Auto SSL renewal issue which I hope will not happen now with the “Always use HTTPs” option toggled OFF.