Temporarily redirect ssl to non-ssl

Hi there,
I’d like to temporarily (302) redirect all https requests to http.

The reason: The SSL certificate on the host server expired this morning and I won’t be able to acquire a new one until Tuesday morning.

It’s for a clients account (not this one because although I have access, the community access hasn’t been set up and it’s a long-weekend).

I have adjusted the .htaccess on the server to allow for non-ssl access and I have turned the crypto SSL to none.

I’ve also added rules as illustrated here:

screencapture-dash-Cloudflare-7854c085d4c0e74da62044652a26e0c2-bcsla-org-page-rules-2019-06-29-13_06_381440×847 151 KB

None of this seems to have taken. I can access the site if I go to http://www.bcsla.org but if I go to https://www.bcsla.org, I get the message that the SSL certificate has expired, danger, danger, turn back.

Any ideas?

Your DNS records are not proxied, hence none of the page rules will fire.

You will need to enable proxying first, but in this case your certificate would not reach the client any longer but only the Cloudflare edge. Would proxying be okay with you? If so, I would suggest you switch your SSL mode temporarily to “Full” instead of “Full strict”. In this case Cloudflare will accept the expired certificate. Once you have renewed your certificate you should switch back to “Full strict” or simply disable proxying again.

If proxying is not an option, it will be more difficult as you’d actually need to make sure there is a rewrite, however even the rewrite will not execute if the visitor does not confirm the expired certificate.

My advice would be to enable proxying and sort out the expired certificate as quickly as possible.

Thanks @sandro. I will check my account. I didn’t realize it had a setting to proxy the DNS. I assumed by virtue of using Cloudflare my DNS was proxied by default. Is there a downside to enabling proxying?

Oh, I think I see what you mean. I had SSL turned off. I had turned it to Flex because I thought that would allow visitor https access using the Cloudflare cert while Cloudflare connects to the host server as http. Then I read in the help for the SSL section that turning off SSL would automatically redirect visitors to http.

I have now turned it to Full and purged the cache. I am still not being redirected to http and I get the not-secure warning in the status bar.

Proxying is only enabled if the record is marked as , otherwise Cloudflare only provides DNS services for that record.

As for downsides, not really, respectively it depends. Your traffic will be routed through Cloudflare’s datacentres, where it will be partially cached. It can dramatially improve your response times, but sometimes also decrease performance. Another (security) aspect to consider is that your traffic will be temporarily decrypted on Cloudflare and then re-encrypted (assuming you dont use Cloudflare’s encryption breaker ) and sent on a separate connection to your server.

That is awesome!

Until now, I didn’t really understand the orange/grey cloud status.

Not only has that resolved the issue but now I can remove those Page Rules use the Cloudflare assigned ceritficate.

Thanks a million!

This topic was automatically closed after 30 days. New replies are no longer allowed.