Technically challenged vs SSL Https Bluehost and the world


So, I’m not that good with the back end of web design and I’m okay with front end sometimes. Recently I decided to try to add a store to a website I have for blogging which I have hosted through Bluehost and supported by Cloudflare. When I first started to try to add a store to the site I installed the WooCommerce plugin to the WordPress site and followed the steps suggested. This destroyed my entire site, wiping it from existence. Luckily I had a backup and was able to save it.

I then tried to do this through a subdomain which seemed like a safe bet, then if anything went wrong it would be separate from the main site.

In trying to do this I first had DNS issues which I contacted Bluehost about and they sorted it out. Next I had SSL issues which they instructed would be resolved by switching from Full Strict on Cloudflare to Flexible. Which I did and it did make the store work. However, this seems to break my main site.

I contacted Bluehost again to see if they can see why that was. They then changed something which seems to work for most of the site. However, now some features no longer work, such as images. To resolve this Bluehost suggest I need to change the URL of all of my images to http from https. This would be an immense task that seems redundant as I want my site to be https, especially my store, so why would I change everything to http?

Apparently, according to Bluehost if I want my site and subdomain to be operational it needs to all be http on a Flexible setting through Cloudflare.

Is this true? Surely, Cloudflare can support https on both domain and subdomain without all of this?

Hi @adam.cochrane02,

There is no difference with Cloudflare on a domain vs a subdomain. Recommending Flexible, especially on an ecommerce site, is terrible practice as half the connection with your users’ data is left unsecured. That should always be Full Strict.

What issue/error did you have when it was Full Strict?

That’s what I thought. Thanks for confirming.

When I had it on full strict the sub domain would return an error 526 page. Invalid SSL.
Does that help?

Ah, OK. That means that Bluehost don’t have a certificate for the new subdomain. Ideally they should be able to issue one just like they presumably did for the root domain. If they can’t, will they let you install your own certificate? You could then use a Cloudflare Origin Certificate there.

Per your suggestion, I asked them this and they responded with:

"There is no need to purchase any additional certificate from cloudflare

There is page URL in cloudflare which is resulting in redirect error when it is set to https

page URL is similar to redirect , so please ask cloudflare to disable https redirect on their end

Thank you"

Very confusing.

Agreed. That response makes very little sense to me. The only thing I can suggest is if the main domain is working, switch the subdomain from orange cloud to grey cloud so it points directly to Bluehost, then ask them to get it working with HTTPS. Once they’ve done that, set it back to orange cloud and you shouldn’t get a 526.

Sorry, this is where the Technically Challenged part comes in. How do I switch the subdomain from orange cloud to grey cloud so it points directly to Bluehost?

No worries! If you go to your Cloudflare dashboard and click the domain, one of the tabs along the top is DNS. Go to the DNS tab, look down the list until you see a record with type A, AAAA or CNAME and the name of the subdomain. Click edit next to that one and there should be either a toggle switch next to the orange cloud or you can directly click the orange cloud to make it grey, then save the record.
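A way to confirm the host has actually fixed HTTPS on the grey-clouded subdomain before switching it back to orange cloud, as an added example that is not part of the original posts. The names `example.com` and `store.example.com` are placeholders, and the certificate is a constructed sample in the dict format returned by Python's `ssl.getpeercert()`; it reproduces the situation diagnosed above, where the root domain is covered and the new subdomain is not.

```python
import socket
import ssl

def fetch_origin_cert(hostname, port=443, timeout=5.0):
    """Handshake directly with the DNS-only (grey cloud) hostname.
    Raises ssl.SSLCertVerificationError if chain or hostname fail validation."""
    ctx = ssl.create_default_context()  # system trust store, hostname check on
    with socket.create_connection((hostname, port), timeout=timeout) as sock:
        with ctx.wrap_socket(sock, server_hostname=hostname) as tls:
            return tls.getpeercert()

def name_covers(pattern, hostname):
    """Exact match, or a left-most wildcard that covers exactly one label."""
    p, h = pattern.lower().rstrip("."), hostname.lower().rstrip(".")
    if p.startswith("*."):
        head, _, rest = h.partition(".")
        return bool(head) and rest == p[2:]
    return p == h

def strict_problems(cert, hostname, now):
    """Reasons a strictly validating client would reject cert for hostname.
    Covers SAN coverage and validity dates; chain trust is checked by the handshake."""
    problems = []
    names = [v for kind, v in cert.get("subjectAltName", ()) if kind == "DNS"]
    if not any(name_covers(n, hostname) for n in names):
        problems.append(f"{hostname} not covered by SAN {names}")
    if now < ssl.cert_time_to_seconds(cert["notBefore"]):
        problems.append(f"not valid before {cert['notBefore']}")
    if now >= ssl.cert_time_to_seconds(cert["notAfter"]):
        problems.append(f"expired {cert['notAfter']}")
    return problems

# Constructed sample: a certificate issued for the root domain only.
ROOT_ONLY_CERT = {
    "subjectAltName": (("DNS", "example.com"), ("DNS", "www.example.com")),
    "notBefore": "Jan  1 00:00:00 2024 GMT",
    "notAfter": "Jan  1 00:00:00 2030 GMT",
}
NOW = ssl.cert_time_to_seconds("Jun  1 00:00:00 2025 GMT")  # fixed clock for the sample

if __name__ == "__main__":
    for host in ("example.com", "store.example.com"):
        print(host, strict_problems(ROOT_ONLY_CERT, host, NOW) or "OK")
    # Against a live host: strict_problems(fetch_origin_cert(host), host, time.time())
```

`fetch_origin_cert` validates against the system trust store, so a Cloudflare Origin Certificate on the host will fail that handshake even though Cloudflare itself accepts it in Full (strict).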

Thanks, appreciate it.
I have done that change and requested Bluehost to set up the HTTPS for the sub domain. Their immediate response was to set Cloudflare to flexible. I told them I’m not going to do that. Then they said we could try full instead of full strict, which also doesn’t work.
I don’t really know what their deal is. :roll_eyes:

Ugh, they don’t seem very helpful!

I’m glad to hear it!

No idea. Now the subdomain is pointing directly to them, they should definitely be able to get SSL working. If they can’t, I would recommend finding a better host!

If a host suggests that, it is time to pack the bags. Either they don’t know what they are talking about or they don’t care the slightest about you having a properly secured site. Either is a no-go for a webhost, I am afraid.