Hi, can anybody help at all. I have a xx.today domain and a video.xx.today sub domain with two separate scripts (for a close knit forum, I’d rather not advertise the actual domain) on shared hosting. I set up a free Cloudflare and chose the orange cloud for the main domain and grey cloud for the sub domain in the dns settings (the sub domain needs to upload more than 100mb so I wanted that to bypass Cloudflare. Both the main domain and sub domain have individual Alpha SSL certificates that we purchased a while back.
What SSL setting should be set in Cloudflare? The host says “flexible” but that is fine until a user logs into the site the padlock disappears then becomes unsecure. I have it now set to full strict but not sure if that is the right one really? Should it be flexible but host has a setting wrong?
Since setting up Cloudflare and changing the nameservers my sub domain video.xx.today has became unreachable. I get this in the browser ERR_NAME_NOT_RESOLVED. In the DNS setting in Cloudflare there is an A record entry for “video” and it points to the host’s ip.
May I ask if you’re going to serve video files on your proxied sub-domain?
If so, you might end-up violating the ToS 2.8 section. I’d rather suggest you serving them from an unproxied (DNS-only) hostname / sub-domain or use the paid Cloudflare Spectrum service.
Before moving to Cloudflare, was your Website working over HTTPS connection?
If so, did you had an valid SSL certificate installed at your origin host / server which covers both your naked (root) domain any any other needed sub-domain like www, mail, etc.?
May I ask what SSL option have you got selected under the SSL/TLS tab at Cloudflare dashboard for your domain ( Flexible, Full, Full Strict … )?
Here is a way to re-check if you correctly setup the SSL for your domain with Cloudflare:
In case you do not have an SSL certificate, you can use Cloudflare SSL, if so, kindly make sure you follow the instructions as follows on the below article to setup an SSL certificate using Cloudflare Origin CA Certificate:
@fritex thank you for replying. Like I said the video.xx.today sub domain which has a video script I have grey clouded to bypass Cloudflare. The main site xx.today which has a separate forum script which only has text and images is orange clouded because that is the script that I wanted speeded up.
The main site xx.today with the forum script seems to be working perfectly and is a lot faster. When I click on the padlock it shows an E1 Cloudflare certificate.
The sub domain video.xx.today with the video script now loads but the site is broken with broken images showing and just a list of hyperlinks. When I click the padlock it shows a Sectigo certificate that I was using before I set up Cloudflare.
Before setting up Cloudflare and changing the nameservers to Cloudflare the xx.today main site and video.xx.today sub domain each had a separate sertigo certificate and both loaded perfectly fine (just the main site xx.today was slow). Since changing to the Cloudflare nameservers the xx.today main site is a lot faster BUT the video.xx.today is now broken.
I have tried flexible, full and full strict ssl in the Cloudflare settings, none load the video.xx.today site properly. At the moment I have it on full strict.
I have been back and forth with the host support who tend to take days to reply and not give full explanations but the last contact said something about mixed content on the video.xx.today sub domain but I don’t understand why the sub domain loaded perfectly before Cloudflare but since setting up Cloudflare even having the sub domain bypass Cloudflare (grey cloud) it doesn’t load properly. Is Cloudflare doing any blocking even when grey clouded? I tried enabling Automatic HTTPS Rewrites but that shouldn’t make a difference if the sub domain is grey clouded should it?
I tried testing the sub domain url with ‘why no padlock’ and it shows my sectigo certificate passed and mixed content also passed with a “you have no mixed content”.
What comes to my mind, despite SSL and possible mixed content issue you’re saying, as far as you’re using sub-domains and content, I wonder if you might also have some kind of an issue with the Access-Control-Allow-Origin HTTP header for some kind of the content type not being propperly loaded and shown?