I have been using Cloudflare’s Universal SSL service set to “Flexible” for my WordPress site hosted on Network Solutions. Yesterday, I migrated the site from Network Solutions’ legacy hosting platform (that used traditional non-SSD drives for their servers) to their WordPress optimized hosting platform. The migration was a success but I am unable to access my site via https as I get an HTTPS internal error warning message. My research indicates that the cause may be due to my site migration to a different hosting platform within Network Solutions which uses different shared hosting servers than my original NS hosting platform uses, and that I would need to submit a new CSR to Cloudflare so that the SSL connection to my new NS servers can be validated by Cloudflare.
My new hosting setup for my site is a little different than my previous setup. My new Network Solutions hosting package now provides a free SSL certificate that they are installing for me today. They told me that once they set it up, my site will be associated with a new proxy IP which I will then need to use to update the A Records in the DNS tab at Cloudflare.
QUESTIONS:
How do I need to set up my Cloudflare account with my SSL certificate (once they install it later today) in order for SSL to work properly again?
Do I need to delete any of my current Cloudflare Edge SSL certificates and create new ones?
Do I need to delete and generate a set of new Origin certificates since my site is now hosted on different shared servers?
Do I need to worry about a new CSR if I will have an SSL certificate installed on my server by my site host (which I did not have before the migration on my previous hosting package at NS)?
Current Setup on Cloudflare and Other Relevant Info:
My domain has not changed and remains the same as before.
I have one universal and a dedicated SSL certificate for my domain.
I have a set of Origin certificates associated with my domain.
My SSL setting was set to “Flexible” for the prior site location (before the migration) when I did NOT have an SSL certificate installed on my server for my site as I will have now.
Based upon what you say, you’ll need to change your SSL setting here to Full (Strict). This way Cloudflare will connect to your new platform using TLS, instead of HTTP (Flexible).
That’s it. You don’t need to re-do the Cloudflare TLS certificate, as that’s ready to go.
No need for an Origin Certificate, as your new platform already provides a certificate.
If changing to Full (Strict) doesn’t fix it, go to your Cloudflare Overview settings for your domain and use Advanced to “Pause Website.” This way the connection will go direct to your new server, and hopefully that will work.
Thanks so much for this helpful guidance. I was able to get access to the site earlier once the host-side SSL certificate was installed but I made a mistake deactivating the “Cloudflare Flexible SSL” plugin thinking I wouldn’t need it now that I have a host-side SSL certificate installed. Unfortunately, deactivating it caused an “HTTPS too many redirects” message and I lost access to the WP admin and the site. Apparently, that plugin is still needed despite using the “FULL” SSL setting on Cloudflare. Very strange.
I successfully restored my site data about an hour ago and then had to reassign the domain to the newly restored installation directory. It says that it could take 24-48 hours to propagate. Meanwhile, whenever I try to connect to my WP Admin or the site, I get an “Error 525” SSL Handshake error page saying that the browser (me) and Cloudflare are working but there is a “problem establishing a connection to the origin server.”
Given what I described, could this error be related to needing more time for the domain assignment and associated IP address to propagate?
Assuming I am able to restore access to my site, could you also advise me on the best practice for the URLs in the WP General settings. I have read that it is best to leave both the WP and the site URLs as http rather than https because it is better to let Cloudflare force HTTPS rather than risk a conflict with WP if its URL settings are also set to HTTPS. Do you have advice on this?
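An added example, not part of the original thread: a simplified Python model of how a "too many redirects" loop arises when the edge reaches the origin over plain HTTP (the Flexible setting) while the origin forces HTTPS, and how trusting the `X-Forwarded-Proto` header or leaving the origin URLs as http avoids it. All function names and the `example.test` host are hypothetical; it assumes the proxy forwards the visitor's scheme in `X-Forwarded-Proto`.

```python
"""Constructed model of an HTTPS redirect loop behind a TLS-terminating proxy."""

MAX_REDIRECTS = 10  # browsers abort after a comparable number of hops


def edge_to_origin_scheme(ssl_mode):
    # Flexible: the edge speaks plain HTTP to the origin.
    # Full / Full (Strict): the edge speaks TLS to the origin.
    return "http" if ssl_mode == "flexible" else "https"


def origin_sees_https(conn_scheme, headers, trust_forwarded_proto):
    # Without proxy awareness the origin only knows how the edge connected.
    if conn_scheme == "https":
        return True
    # A proxy-aware origin also accepts the visitor's scheme from the header.
    return trust_forwarded_proto and headers.get("X-Forwarded-Proto") == "https"


def origin_response(conn_scheme, headers, force_https, trust_forwarded_proto):
    # force_https models site URLs set to https:// on the origin.
    if force_https and not origin_sees_https(
        conn_scheme, headers, trust_forwarded_proto
    ):
        return 301, "https://example.test/"
    return 200, None


def browse(ssl_mode, force_https, trust_forwarded_proto):
    """Follow redirects as a browser would and report the outcome."""
    visitor_scheme = "https"  # the visitor always reaches the edge over HTTPS
    for hop in range(MAX_REDIRECTS):
        headers = {"X-Forwarded-Proto": visitor_scheme}
        status, location = origin_response(
            edge_to_origin_scheme(ssl_mode),
            headers,
            force_https,
            trust_forwarded_proto,
        )
        if status == 200:
            return f"200 after {hop} redirect(s)"
        visitor_scheme = location.split(":", 1)[0]
    return "ERR_TOO_MANY_REDIRECTS"


if __name__ == "__main__":
    for mode, force, trust in [("flexible", True, False), ("flexible", True, True),
                               ("flexible", False, False), ("full", True, False)]:
        print(mode, force, trust, "->", browse(mode, force, trust))
```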
After speaking to my host provider’s support team just now, he explained to me that the most appropriate SSL setting at Cloudflare is probably “FULL” rather than “FULL strict” because their SSL certificates are more at the self-signed level rather than the higher standard that the “strict” seems to refer to. They also suggested waiting until the morning to see if the domain assignments propagate and naturally reestablish a valid SSL connection with my site on its own.
If you have any other insight about this situation, I would greatly appreciate it.
Actually, I just realized that when I had to delete the installation of WP on my hosting package in order to install a fresh copy of WP, it changed the DNS nameservers back to the host rather than the Cloudflare nameservers. I had to go back and change the nameservers back to Cloudflare’s just a couple of hours ago. I would imagine they have not propagated yet. Would that be a likely influence on the Error 525 messages?