Universal SSL - Connection not secure

I currently have a universal SSL certificate & I’ve selected the option to always use HTTPS . When I visit my website my browser show’s the connection is secure.

I’m now looking to do a basic WooCommerce setup with wordpress. When I view the settings for WooCommerce it says “Your store does not appear to be using a secure connection”. Any idea why I am seeing that error? Is it related to using the universal SSL certificate?

What’s your SSL encryption mode? Is it Flexible?
Is there any SSL certificate installed in your server?

The SSL encryption mode is Full. I haven’t installed any SSL certificate on my server. Is that an additional step I should take after the initial cloudflare setup for my domain?

This is weird because Full mode won’t work if you don’t have any SSL certificate installed in your server. How about self-signed certificates or any invalid certificates?

Apologies, I just double checked my web hosting settings. In the SSL section I can see:

SSL: Enabled
CA Certificate: Installed
SSL URL: There is a link provided

I have the option to install a new cert, a new CA cert or to disable SSL

Any detailed information about this? This might be due to invalid SSL certificate installed in your server.

If possible, can you show us the content of the public key/certificate here? NOT private key.

I had previously setup a wordpress plugin that gave me a 90 day certificate. That recently expired so I was setting up cloudflare as an alternative.

I’m not sure how I can locate or check for an invalid SSL certificate on my server. It just tells me there is one installed, but I cannot see more information. Appreciate your help!

With the universal SSL cert, is there an updated certificate I have to install on my website?

I got what you mean. So the 90-day certificate has expired recently, so you are looking for Cloudflare to provide the SSL functionality.

I think it makes sense to have this warning message displayed in WooCommerce, since the SSL certificate in the server has expired.

So what you can do is, grab a Cloudflare Origin Certificate, install it in your server, and set SSL encryption mode as Full (strict) in Cloudflare. This will provide the maximum encryption. And it’s free.

Refer to this documentation:

That was the exact issue. I found a plugin called really simple SSL that automatically configures the site to run over HTTPS. I installed that & it resolved the wordpress error.

Do you think it’s still necessary to install a Cloudfare origin cert?

Great!

Try switching SSL encryption mode to Full (strict) and see what happens?
If you get Error 526 after the change, then you need to consider installing the Cloudflare origin cert.

Reason why Full (strict) mode is preferred: Full (strict) mode ensures that the SSL certificate installed in the server is valid, while Full mode doesn’t ensure the authenticity and validity of the SSL certificate in the server (although it still offers encryption), which can be vulnerable to attacks.

I got the 526 error when I switched to Full (strict). Any context on why you would suggest that over just Full?

Would I upload the origin cert in the SSL section of my web hosting? It provides me an option to install a new certificate or install a new CA certificate?

Thanks again. Really appreciate this help

Here’s the reason:

Yup, create an Origin cert from Cloudflare, then install it in your web hosting. For the CA root cert, refer to this:

Some origin web servers require uploading the Cloudflare Origin CA root certificate. See below for an RSA and ECC version of the Cloudflare Origin CA root certificate. Click on a link to download a file:

Although SSL Full mode just works, but this is consider not the best practice, hence we should use Full (strict) mode instead.

Ok, I got that update & everything is now working on Full (Strict). Thank you so much for your help!

1 Like

Happy to assist.

This topic was automatically closed after 31 days. New replies are no longer allowed.