Regarding SSL and AMP pages

Hi Everybody,
Thanks very much for your kind support!
I am about to set up Cloudflare with my Bluehost Wordpress VPS site, however I have a few confusions which I wanted to clarify here:

  1. Since my VPS site already has an SSL which SSL on Cloudflare should I select? Full SSL or Full Strict?
  2. After this step should I also enable "Always use HTTPs. What if I don’t enable this?
  3. And if I enable “Always use HTTPs” will this have problems with my origin SSL whenever it tries to go through a renewal process?
  4. My site uses AMP plugin (reader mode), will Cloudflare have problems with my AMP pages on mobile, do I need to remove AMP before installing Cloudflare?

Thanks very much in advance for your kind replies.
Swag

Greetings,

Thank you for asking.

To answer on your questions:

  1. Should be Full (Strict) SSL. Kindly have a look here for more information regarding correct SSL settings at the SSL/TLS tab on Cloudflare dashboard:
  1. Would be good to use it.

  2. Nevertheless, there are some tricks for example when cPanel users don’t enable this so the cPanel AutoSSL can be renewed each 60-90 days or so (as far as it needs and uses HTTP). Nevertheless, you can check the date on the AutoSSL certificate in the cPanel or some other way via openssl, therefore at least few days before it’s expiration date you disable Always Use HTTPS, after the process successfully renewed the SSL certificate, you re-enable it again.

    In case it fails, you could do a few simple and easy steps from below as follows to renew your SSL certificate at cPanel hosting:

    • Use the “Pause Cloudflare on Site” option from the Overview tab for your domain at dash.cloudflare.com .
    • The link is in the lower right corner of that page.
    • Give it five minutes to take effect, then make sure site is working as expected with HTTPS without any error
    • Check with your hosting provider / cPanel AutoSSL / Let’s Encrypt / Certbot / ACME and renew the SSL it in case if needed
    • Only then, when your website responds over HTTPS, you should un-pause Cloudflare and double-check your SSL/TLS setting to make sure it’s Full (Strict).
  3. I am not sure what that is. Some kind of AMP plugin for WordPress?
    If so, then the AMP Real URL feature at Cloudflare could help you. You don’t have to remove anything or disable at your web hosting / origin server. It does the “background job” regarding SXG and SSL to show your domain instead of some Google AMP CDN link in the URL address bar of the AMP link when a visitor opens it from his mobile phone/Google search/Google News.

Furthermore, due to the WordPress, I would strongly recommend to run it over HTTPS, and there is actually an action like define('FORCE_SSL_ADMIN', true); for the wp-config.php to define it, if so:

In case you have some hard-codded HTTP links, Cloudflare has got the Automatic HTTPS Redirection and possible way to have Always Use HTTPS options (already asked and mentioned) to offer:

From the Docs:

From the blog:

1 Like

Thank you for your kind reply,

It can be difficult to keep track of my SSL and disable the “Always use HTTPs” when the renewal time nears.
Also I do not want to activate any AMP real URL.
So what might happen if I decide to keep “Always use HTTPs” disabled permanently and never use “AMP real URL”?
Thanks again.

Your Website would be available via HTTP and HTTPS, hopefully you don’t have a caching plugin for WordPress and hopefully WordPress is set to work over HTTPS.
Otherwise, duplicate content on HTTP(S) version of URLs, some possible issue with the cookie login if you enter domain.com/wp-admin/ in the URL address bar and your Web browser opens HTTP, then upon success, you’re logged into (or not?) to HTTPS area and similar stuff could happen.

If your Website canonical link is set to HTTPS, while your scheme is HTTP, and your submitted sitemap is HTTP while you have both HTTP/HTTPS version of URLs, you might end up having duplicate content and some warnings/issues on Google Search Console.

Could be messy a bit, depending how WordPress is configured and how cPanel .htaccess file too.

Might be it’s all okay and working good “as-is”.

Always Use HTTPS would to redirect all requests from HTTP to HTTPS, therefore no duplicate content and similar issues.

If you are using a AMP plugin for WordPress, which adds the link element with “amphtml” URL, and if your Website is indexed on Google, I am not aware anymore, but in past I remember it throw some warnings and errors in the Google Search Console about AMP URLs not being met the guidelines and standards as they should be.
AMP Real URL fixes that.

That’s from my experience and viewpoint what I suppose could and would happen, if so.
Might be I am wrong about it.

Thank you Fritex, for your detailed explanation, I appreciate it a lot.

However now I feel that Cloudflare may not be as straightforward as it looks for a layman like me.

Many thanks, and Kind Regards

Swag

Thank you for feedback.
I am glad if I can help and provide some useful information :slight_smile:

Nevertheless, despite “Always Use HTTPS” and Cloudflare, you might already have the issue even without using Cloudflare and “Always Use HTTPS” option being enabled.

Unfortunately, a lot of websites are like that and owners aren’t enough technically skilled (we can’t know all the stuff right?) or doesn’t have someone else to check that few things for themself.
That’s to question your web hosting provider and might have to inspect how your web host is configured, for example like if it does the redirection from HTTP to HTTPS already or not, do you already have duplicated content or not and similar.

So, we both not saying it’s a good or bad, rather discussion what are the odds and benefits including the available options.

Furthermore, you can give Cloudflare a try for a month for free, always, see how it goes, ask questions here at the Community. We’d be glad to answer or discuss further possible solutions. Of course, if not suitable, you can always switch back :wink:

Thank you for understanding.

Sincerely

Thanks for the helpful advice, Fritex,
Yes, actually my site does have the HTTP to HTTPs and to www redirects correctly configured through htaccess. You can check my site homemade-circuits.com, it will always end up using www and HTTPs no matter how you search it.
I also wanted to inform you that as per your advice I have integrated Cloudflare with my site, and I have kept “Always use HTTPs” option disabled and hoping that now I won’t have the Auto SSL renewal issue every 90 days for my origin site.
I have also enabled Argo Tiered cache setting.
Except the above I have not touched anything else to make sure i don’t run into any unknown conflicts or issues with my site.
So far everything looks good, and I am not seeing problems with my site.
I checked my GSC and it is not showing any AMP related problems either.
Therefore so far everything looks good.
My biggest concern is the Auto SSL renewal issue which I hope will not happen now with the “Always use HTTPs” option toggled OFF.

Many Thanks
Swag

This topic was automatically closed 15 days after the last reply. New replies are no longer allowed.