Setup SSL but still gets warning

Hi,
I am using Cloudflare Full for SSL. I generated all certificates and everything, installed them on server and even tested it with few online SSL testing tools (including cloudflare). Every test returns that everything is OK with SSL and certificates but browsers are giving me every time “Connection is not secure” and I get yellow triangle over padlock.

That will be mixed content. The search here (and on any search engine) will have more on that.

Generally, SSL seems to be properly in place you just need to fix that mixed content issue.

Tnx for fast answer.
Well I suspected that it could be mixed content, but when I investigate code I can’t find any “http” for resources (everything is https:).

I do have lot of external links that some of them uses http, but as I understand external links are not reason for mixed content.

Also, I get this problem for example on login page where there are so little content (one form and one icon), so it would be easy to find mixed content.

Probably the external links then. Whats the domain?

Loads fine for me.

image

Maybe a caching issue.

Wow, now that is strange, as I get it not secure on:
1)Firefox
2) Chrome
3) My mobile device

For example I testet now in Edge which I never used before and it gave this:
NET::ERR_CERT_AUTHORITY_INVALID

That is a whole different issue though.

Does the site load or do you get an SSL warning in the first place?

Only error

So it is not the yellow triangle issue but the whole site does not load?

In that case it will be a DNS propagation issue. Just wait a couple of hours.


But this was not like that this morning. Everything worked… Also I am not sure for propagation as I set up SSL 4 days before.

Precisely what I already wrote, you are talking to the “wrong” server, most likely directly to your server. That is a propagation issue.

Ok, so what to do now? Just wait?

And just to make things little more clear this is what happened in last few days:
1)Added domain to CF and added nameserevers to domain.
2) Used domain for one month without SSL as I was just testing. Everything worked and CF was used as m nameservers
3) 4 days ago I decided to make add SSL. Followed Cloudflare instructions and finished it. I am using Full SSL
4) After I added SSL , I tried to fix mixed content by changing http to https for all images, etc
5) Used it like that for 3 days. I can’t now remember if this error was present from begining and I ignored it by putting page to exceptions or it just appeared today.

I noticed this after I started to intensively test setting and deleting cookies for login and other parts. That is why I few times manually deleted cache. So I don’t know if error was here from beginning but I ignored it and now brought it back after clearing caches or it just appeared today.

That’s what I wrote, didn’t I? :slight_smile:

You can always check if you resolve the correct address, but your site loads fine, so that is not a Cloudflare issue.

Also, you should use “Full strict” as “Full” does not verify the certificate.

Wow I think that that is problem.
I used full and it used self signed certificate and Full strict uses CA as certificate authority what is in fact set on my server.

I thought that Full strict is only for paid CF plans and not for free ones. Now I changed to full strict and we will see will it help

Don’t use a self-signed certificate, that cannot be verified either. You need a publicly trusted certificate or a Cloudflare Origin certificate. Then switch to “Full strict” and you are good to go.

Tnx, I just did it changed to Full strict. We will see what will happen now.
I did installed Cloudflare Origin certificate on my server when was setting SSL keys.

Do I need to wait propagation for this change too, or it should be in effect immediately? I ask this as I still sees same error

Changing that is not related to DNS propagation. That is something your local resolver needs to update.

The site still loads fine (otherwise there’d be a 526), so the certificate on your server must be trusted.

As mentioned before, just wait at this point :slight_smile:

I forgot to ask how log should I wait before it should be working?
What still confuses me is this:


Is it because it is still in progress this Full -> Full (strict) or is it sign that again something is not right.

Also, I fixed all potential mixed content problems whic I found but also which were reported by Chrome inspect.
But it is not reporting mixed content anymore just “Certificate(invalid)”.

Can take anything between minutes and hours, depending on your resolver. You can try to force an update of your resolver, maybe reboot your router.

No, this is because of the propagation. You simply connect to your server.

Right now I am completely on different network than I was this morning so “rebooting router” did not help :slight_smile:

I am not impatient but just would like to start fixing problem right away and not waste time waiting and then to realize that it was not right from the start.

What concerns me is if I have correctly installed CA origin certificate on server. I tought I was but until today I didn’t know that it was not in use in way it should be. So I am worried that I didn’t do everything right. Will there be already signs of it it is not installed correctly.

Also I tried few online SSL check tools, and every one is passed without problems, but again I was passing it even before I changed to Full (strict).