Site not Secure on chrome - also expired certificate shown on safari

Site -
I’ve set up Flexible SSL option on Cloudfare and installed ‘Cloudfare Flexible SSL Plugin’ on wordpress.
However, I still see ‘Not Secure’ on the address bar for all the pages.
Also, when I try to open the site on Safari Private mode, I see the following message :

How can I resolve this?

First mistake :slight_smile:

Install a properly valid certificate on your server, switch to “Full strict” on Cloudflare, and the issue should be fixed.

Right now you have an insecure configuration.

Still not working.
I followed the instructions (in the following url) to generate certificate and install on server via godaddy Cpanel

What could be the further issue? Do I also need to change the http to https in general setting in wordpress? or add a page rule for auto https redirection on Cloudflare?

You do have a valid certificate on your server now. Did you switch to “Full strict”?

Changing the URLs probably is a good idea too.

I changed the URLs to include https (did this using Really Simple SSL plugin) … however, now I’m getting the following response. Also, checked CloudFlare… it is set to Full Strict.

That looks actually fine now. Now it is just a DNS propagation issue on your end. Wait a couple of hours until your resolver has the new value and the site should load fine on your end too.

And you have a properly secured connection now.

sure… I’ll wait… Meanwhile could you check if this is not an issue:

I came across this while logging into wordpress admin

No, that is fine. An Origin certificate is only trusted by Cloudflare’s proxies but not by browsers.

Cool thanks… I’ll wait for few hours to check if the changes are propagated correctly.

You could also try to force a DNS update, but that depends on the resolver you are using.

The site is showing padlock for most pages; however, is showing ‘not secure’ for few pages owing to mix content. Can you help me with some link that explains how to resolve the mix content issue.

Hi @prodmonk,