Site content is showing different when running on https

ssl
dns

#1

Hi Guys,

My site is actioncertification dot cn. Its showing my site content when running site http://actioncertification.cn but when I am running site using https https://actioncertification.cn then site content is showing different. I am not getting reason behind it.

Please let me know what would be appropriate reason?

Thanks in advance.


#2

Most likely because your server serves different content depending on whether you request it via HTTP or HTTPS. You can quickly test this by setting your TLS mode to “Flexible” (I presume it currently is “Full”). Though, dont keep it on “Flexible” but switch back to “Full” and fix the server configuration.


#3

Hi Sandro,

Thanks for your response.

What we can do in server configuration. Basically I am new in server configuration. So please explain in detail.

Thanks


#4

If you are not managing the server your hoster would have to do it.


#5

Is this configuration of server where file hosted?


#6

What file do you mean? It is the configuration of the server where your domain/site is hosted. Basically your webhost needs to fix the way your site is served via HTTPS.

Your SSL setting in Cloudflare is “Full” or “Full (strict)”, right?


#7

SSL setting in cloudfare is Full.


#8

Hang on a sec, I just realised there might be a mistake in my conclusion.

Considering it is “Full” Cloudflare - unless I am mistaken - should always try to connect via HTTPS, regardless of how you hit Cloudflare itself (HTTP or HTTPS). So the server should always get an HTTPS connection. Hmm, @matteo @MarkMeyer, did I miss anything? Is “Full” not always HTTPS between origin and Cloudflare?! :confused:

@david16, do you have any page rules set up?


#9

There is no any page rules set up.


#10

My opinion here, skimming through the conversation, may have been already said, is:

The host has two different webservers that reply different things depending on the port. There are two solutions if this is the case: ideally is solved by fixing the server, listening to both ports with the same content, alternatively changin the SSL Crypto setting to Flexible, losing the encrypted connection to the origin, but forcing everything to port 80.

For @sandro: the connection is encrypted (and eventually verified if strict) only when the original access is HTTPS.


#11

Alright, that explains it, I wasnt sure if it wasnt always on HTTPS, regardless of how the edge is contacted. Thanks for the clarification, Matteo :+1:.

So there was no flaw in my conclusion :sunglasses: :smiley: and we are back to square one. The issue is with the server.


#12

No… Full‘ means that the traffic between Cloudflare and the origin is encrypted when https is used. There must be at least a self signed cert installed.

Full strict requires a valid certificate on the oringin server.

Edit
Damn. I should reload the page before… :joy:


#13

@MarkMeyer trying to steal the spotlight here!

Happy that you didn’t reply though!


#14

That was not the question. The point was whether a HTTP connection to Cloudflare for a Full-configured domain will be forwarded as HTTP or HTTPS. My initial assumption - and now confirmed by Matteo - was it is HTTP and this is the reason for the issue.


#15

I’ve read the post about an hour ago but was not able to answer. The page didn’t refresh automatically :frowning:


#16

Site is running with https when SSL is in flexible mode. is it safe in this mode. Is there will be any problem?


#17

Please refer to my very first response. This already is covered there.


#18

Depends on what you want. If you don’t care (you should, but while you fix the main issue in the server it’s fine) about encrypted communication from Cloudflare to your origin then yeah, it’s fine.

Otherwise it’s not really… Cutting it short in the explanation since it was already explained


#19

That’s what i tried to say with my post. Sorry i wasn’t clear enough.
I’ll get back to school. Need to learn some English. :joy:


#20

:smiley: No worries, I was just getting confused because I wasnt sure whether a Full-configured domain wouldnt always be on TLS between origin and edge, hence I was briefly not convinced of my own initial conclusion and asked for confirmation. :woozy_face: