SSL Certificate Active But Domain Isn't Secured

Hey there - I’ve connected my domain “bloqdrop.com” to Cloudflare and added SSL.

The SSL is displayed as active on the Cloudflare dashboard, however the URL still displays as unsecured when I visit the website. Am I missing a step?

Thanks!

First it looks like the HTTPS version of your site (when manually going to https://) doesn’t work:

image

Make sure your origin server also has SSL enabled so that the connection is also secure from CF <-> your server. Otherwise, If your host charges for SSL, go to the SSL/TLS app and change “SSL” to flexible.


Once you confirm that manually going to the https version - https://bloqdrop.com/ - works, then you can go to the SSL/TLS app of the dashboard and enable “Always use HTTPS” - this will redirect http to https so all visitors will see the secured page.

3 Likes

Thank you for your help, I went ahead and purchased a SSL package from Namesilo so hopefully that’ll do the trick.

Since you did that, make sure SSL is “Full (strict)” in the SSL/TLS app. Currently the HTTPS version of the site has mixed content issues, full strict should generally fix that.

Great - just did that as well, I’m thinking it’ll take a few minutes to reconfigure on the back end.

Looks like I’m still getting a timeout error, hmm…any suggestions? Perhaps I’ll contact namesilo

Is there indication that the SSL is set up or activated at namesilo? the error probably means the port 443 (HTTPS port) isn’t open on the server.

I think I’ll have to talk to the developer I’m working with whose using AWS to host this actually, Namesilo is the domain provider and I believe AWS is the host in this instance, I’m thinking that must be it. Thanks alot!

Ah, in that case you dln’t need the SSL from Namesilo.

Ask your AWS developer to either get something like an AWS certificate [if the service you’re using supports that. Lightsail and EC2 do not], letsEncrypt certificate. or Cloudflare Origin Certificate.

Also see

Restoring Visitor IPs - needed to get the real IP of a visitor

firewalling server to only accept connections from CF - prevent DDOS attacks from bypassing Cloudflare

2 Likes

This topic was automatically closed after 30 days. New replies are no longer allowed.