SSL configuration big problem


We subscribe to a $5 certificate.

An SSL test shows fatal problems on SSL.

With the attached pictures, can someone tell us what mistake we are making?

Thanks to all


Is there a way to send you a private message? (sorry)

Definitely is a .com :slight_smile:

The screenshot which wasn't there :smile:

@user412, you can run a quick check at and tell me the time when you ran it.

and before @sandro mentions it, doesn’t think much of Flexible SSL. BTW, the domain is listed at the top of the Qualys image… so if you want to keep that confidential, you may want to delete the image.


Very good find :+1:t2:

That domain does not go through Cloudflare but hits your server directly, hence it takes whatever is configured on your server.


OK guys, you know it.
Can you give us some good advice … the goal is to debug our situation, thanks


See my reply from just now.


Also, you do have a certificate on your server, but it is not valid for your domain. So “Full” will work but not “Full strict”.

You might want to install a valid certificate, regardless of whether you want to proxy or not.

Considering you purchased a dedicated certificate, you probably do want to proxy. So you will need to change the applicable web-related records from :grey: to :orange:.

Also, switch from “Flexible” (screenshot) to “Full” or better “Full strict”. For the latter you will need that valid certificate though.
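
The difference between “Full” and “Full strict” described above, as an added example that is not part of the thread. It assumes Cloudflare's documented behaviour: “Full” connects to the origin over TLS without validating its certificate, while “Full (strict)” also requires an unexpired certificate that covers the hostname and comes from a trusted issuer. Function names and sample certificates are constructed.

```python
import ssl
from datetime import datetime, timezone

def san_dns_names(cert):
    """DNS entries from a dict shaped like ssl.SSLSocket.getpeercert()."""
    return [v for k, v in cert.get("subjectAltName", ()) if k == "DNS"]

def name_matches(pattern, hostname):
    """RFC 6125 style match; '*' may stand for the left-most label only."""
    p = pattern.lower().rstrip(".").split(".")
    h = hostname.lower().rstrip(".").split(".")
    if len(p) != len(h):
        return False
    if p[0] == "*":
        return len(p) > 2 and p[1:] == h[1:]
    return p == h

def strictest_mode(cert, hostname, chain_trusted, now=None):
    """Return (mode, problems) for the origin certificate.

    cert is None when the origin offers no TLS at all. chain_trusted is an
    input (assumption) because chain building needs a trust store.
    """
    if cert is None:
        return "Flexible", ["origin does not speak TLS"]
    now = now or datetime.now(timezone.utc)
    problems = []
    if not any(name_matches(n, hostname) for n in san_dns_names(cert)):
        problems.append("no SAN entry covers " + hostname)
    not_after = datetime.fromtimestamp(
        ssl.cert_time_to_seconds(cert["notAfter"]), timezone.utc)
    if not_after <= now:
        problems.append("certificate expired on " + cert["notAfter"])
    if not chain_trusted:
        problems.append("issuer is not trusted")
    return ("Full" if problems else "Full (strict)"), problems

# Constructed sample data (not taken from the thread).
NOW = datetime(2024, 1, 1, tzinfo=timezone.utc)
WRONG_NAME = {"subjectAltName": (("DNS", "server123.hosting.example"),),
              "notAfter": "Jun  1 12:00:00 2025 GMT"}
GOOD = {"subjectAltName": (("DNS", "shop.example"), ("DNS", "*.shop.example")),
        "notAfter": "Jun  1 12:00:00 2025 GMT"}

if __name__ == "__main__":
    for label, cert in (("wrong name", WRONG_NAME), ("good", GOOD), ("no TLS", None)):
        print(label, strictest_mode(cert, "www.shop.example", True, NOW))
```

To feed it a live certificate, pass the dict returned by `getpeercert()` on a verified `ssl` connection to the origin.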


strict … but even if we want some subdirectories to stay non-encrypted? (Will “no-ssl” page rules apply for those sub-dirs?) (newbie question, sorry)

Is there a reason why you would want certain paths to be reachable by HTTP-only?

There are some old scripts doing “cron syncs tasks” that we don't want to reopen in the next days, so yes, in the hurry, if it is possible to keep it live for some 8 or 10 more days …

(Thanks for your attention) - Can you tell me what I have to do in the DNS config? I thought I was already on proxy, no?

Ouch - I understand - do I have to delete the first “A record”?

How are cron tasks related to HTTP? Please don't tell me you send network requests to run some local code :slight_smile:

Anyhow, if you really really really really must, you can set certain paths to “Flexible” via a page rule, but I’d keep “Full strict” as default (don't forget the certificate!).


No, the record looks fine that way and should proxy now.



(strange, the Cloudflare remark that says

“An A, AAAA, CNAME, or MX record is pointed to your origin server exposing your origin IP address.”

Please see this community tutorial.

Looks to me like it could be your FTP A record, which is correctly set to :grey:.