So, I’m not that good with the back end of web design and I’m okay with front end sometimes. Recently I decided to try add a store to a website I have for blogging which I have hosted through Bluehost and supported by Cloudflare. When I first started to try add a store to the site I installed the woo commerce plugin to the wordpress site and followed the steps suggested. This destroyed my entire site wiping it from existence. Luckily I had a backup and was able to save it.
I then tried to do this through a subdomain which seemed like a safe bet, then if anything went wrong it would be separate from the main site.
In trying to do this I first had DNS issues which I contacted Bluehost about and they sorted it out. Next I had SSL issues which they instructed would be resolved by switching from Full Strict on Cloudflare to Flexible. Which I did and it did make the store work. However, this seems to break my main site.
I contacted Bluehost again to see if they can see why that was. They then changed something which seems to work for most of the site. However, now some features no longer work such as images. To resolve this Blue host suggest I need to change the URL of all of my images to http from https. This would be an immense task that seems redundant as I want my site to be https especially my store so why would I change everything to http?
Apparently, according to Bluehost if I want my site and subdomain to be operational it needs to all be http on a Flexible setting through Cloudflare.
Is this true? Surely, Cloudflare can support https on both domain and subdomain without all of this?
There is no difference with Cloudflare on a domain vs a subdomain. Recommending Flexible, especially on an ecommerce site, is terrible practice as half the connection with your users’ data is left unsecured. That should always be Full Strict.
What issue/error did you have when it was Full Strict?
Ah, OK. That means that Bluehost don’t have a certificate for the new subdomain. Ideally they should be able to issue one just like they presumably did for the root domain. If they can’t, will they let you install your own certificate? You could then use a Cloudflare Origin Certificate there.
Agreed. That response makes very little sense to me. The only thing I can suggest is if the main domain is working, switch the subdomain from to so it points directly to Bluehost, then ask them to get it working with HTTPS. Once they’ve done that, set it back to and you shouldn’t get a 526.
No worries! If you go to your Cloudflare dashboard and click the domain, one of the tabs along the top is DNS. Go to the DNS tab, look down the list until you see a record with type A, AAAA or CNAME and the name of the subdomain. Click edit next to that one and there should be either a toggle switch next to the or you can directly click the to make it , then save the record.
Thanks, appreciate it.
I have done that change and requested Bluehost to set up the Https for the sub domain. Their immediate response was to set cloudflare to flexible. I told them I’m not going to do that. Then they said we could try full instead of full strict which also doesn’t work.
I don’t really know what their deal is.
If a host suggests that it is time to pack the bags. Either they don’t know what they are talking about or they don’t care the slightest about you having a properly secured site. Either is a no-go for a webhost I am afraid.