Site is still not https (not secure)

Hello, I have just bought and configured my domain (qorder.xyz) to be HTTPS I have enabled SSL/TLS encryption mode to full.
Also Always Use HTTPS, HSTS, Automatic HTTPS Rewrite are also enabled.
I have changed DNS to be pointing towards Cloudflare name servers.
The is still not responsive to https://qorder.xyz/ request.
(This site can’t be reached qorder.xyz refused to connect.)
On the other hand site without s works (http://qorder.xyz/)…

Can someone help me please. Thank you in advance.

The “site” is still not responsive **
Typo above…

I suggest you use the “Pause Cloudflare on Site” option from the Overview tab for your domain at dash.cloudflare.com. The link is in the lower right corner of that page. Give it five minutes to take effect, then make sure site is working as expected with HTTPS. Only then should you un-pause Cloudflare and double-check your SSL/TLS setting to make sure it’s Full (Strict).

hello, I did unpause it and nothing changed… The domain is HTTP by default I wanted to give it SSL cert with Cloudflare.

Do the following

  1. Check your SSL/TLS security level
  2. Check if you have an SSL certificate (and be sure it hasn’t been revoked or expired)
  3. Check your DNS records (are records being exposed, if so you will see a warning symbol next to the record).

That’s the problem. It shouldn’t be. As your website host to fix this.

1 Like

Hm, I tought I can use Cloudflare to make my site HTTPS for free since SSL certificates are quite expensive from what I have looked…

SSL certificates are rather cheap, respectively have been free since 2005.

Thank goodness for that. I’ve generated probably a dozen certs this week and spent…gimme a sec…zero. Let’s Encrypt FTW!

1 Like

I have bought my domain on provider: onlydomains.com
On their site they offer SSL certificates for 1 year period and that would cost me 40€ each year which seems like a waste of money to me since I just want to test some code on production environment…

If they let you upload your own certificate, Cloudflare can create server certificates:

https://developers.cloudflare.com/ssl/origin-configuration/origin-ca

Otherwise, just leave SSL off since it’s just a test site.

1 Like

The problem I have is that I have backend API endpoints hosted on AWS and from what I was reading they request a custom domain which has SSL certificate if you want to have your API endpoints in HTTPS.
I need to have HTTPS since API POST calls aren’t working on HTTP… Do you have any recommendations what should I do?

Is this important?

I don’t quite understand what are you asking me here?

It sounds like you absolutely need HTTPS, but your host doesn’t provide it as part of your plan. If you need it, you should get a hosting plan that includes it. Or pay the 40€ as part of your development costs.

Alright so the best way probably is to find a hosting provider which includes the HTTPS plan by default in the domain cost?

Correct. Most of the good web hosts do this. For example, DreamHost does this for $36/year.

This topic was automatically closed 3 days after the last reply. New replies are no longer allowed.