Before someone suggests - I don’t want to change from Flexible to anything else. It was working fine with Flexible before, and I want to get back to that state. Some of my subdomain connections (Teespring and Vercel) probably require Flexible (grey cloud instead of orange for DNS proxy), from what I recall, and I do not want to lose those connections.
I suggest praying to Namecheap, if you require assistance.
Cloudflare has never been running algorithm 1 (RSAMD5) with their DNSSEC, maybe you want to change it to algorithm 13 (ECDSAP256SHA256) through your registrar?
That said, I will still strongly advise you to change that Flexible to Full (Strict), so that the users of cybar.dev can actually trust the website.
Ok, I’m switching to Full (strict) and toggle-cycling Universal SSL. Will get back to this thread with an update in an hour or so if it fixes the issue.
As for lying to people…
If it’s not meant to be used, it shouldn’t be there.
I’m the main user of my sites. They’re usually only static webpages, not webapps with backends.
Don’t think it’s possible to lie to myself…
Regardless, if it works, I’ll keep it Full (Strict). Thanks for the suggestion.
I changed the Algorithm to 13 as you suggested. But there’s another column saying “Digest”. Do I have to change the value of that? If so, to what? (where to get that value, Namecheap, Cloudflare, or elsewhere?)
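An added example, not part of any post in this thread and not Cloudflare's or Namecheap's own tooling: the "Digest" in a DS record is a hash over the zone's owner name and its DNSKEY record (RFC 4034), so a registrar entry can be checked against the key the DNS provider publishes. The public key below is constructed sample data, the function names are hypothetical, and digest type 2 (SHA-256) is assumed.

```python
import base64
import hashlib
import struct

# Constructed sample key (NOT a real zone's key): 64 bytes, the size of an
# algorithm 13 (ECDSAP256SHA256) public key.
SAMPLE_PUBKEY_B64 = base64.b64encode(bytes(range(64))).decode()

def name_to_wire(name):
    """Owner name in canonical wire form: lowercase, length-prefixed labels."""
    labels = [p for p in name.lower().rstrip(".").split(".") if p]
    return b"".join(bytes([len(p)]) + p.encode("ascii") for p in labels) + b"\x00"

def dnskey_rdata(flags, protocol, algorithm, pubkey_b64):
    """DNSKEY RDATA: flags (2 bytes), protocol, algorithm, then the raw key."""
    return struct.pack("!HBB", flags, protocol, algorithm) + base64.b64decode(pubkey_b64)

def key_tag(rdata):
    """Key tag per RFC 4034 Appendix B (16-bit sum with the carry folded in)."""
    acc = sum(b << 8 if i % 2 == 0 else b for i, b in enumerate(rdata))
    acc += (acc >> 16) & 0xFFFF
    return acc & 0xFFFF

def ds_from_dnskey(owner, flags, protocol, algorithm, pubkey_b64):
    """Build the DS fields a registrar form asks for, digest type 2 (SHA-256)."""
    rdata = dnskey_rdata(flags, protocol, algorithm, pubkey_b64)
    digest = hashlib.sha256(name_to_wire(owner) + rdata).hexdigest().upper()
    return {"key_tag": key_tag(rdata), "algorithm": algorithm,
            "digest_type": 2, "digest": digest}

def ds_matches(entered, computed):
    """Compare a registrar entry to the computed DS, ignoring digest case/spaces."""
    norm = "".join(str(entered["digest"]).split()).upper()
    return (int(entered["key_tag"]) == computed["key_tag"]
            and int(entered["algorithm"]) == computed["algorithm"]
            and int(entered["digest_type"]) == computed["digest_type"]
            and norm == computed["digest"])

if __name__ == "__main__":
    ds = ds_from_dnskey("cybar.dev", 257, 3, 13, SAMPLE_PUBKEY_B64)
    print(ds)
    stale = dict(ds, algorithm=1)  # registrar entry still set to algorithm 1
    print("stale entry matches:", ds_matches(stale, ds))
```

A DS entry that differs from the published key in any field, including the algorithm number, makes validating resolvers reject the zone.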
That is absolutely correct. Sadly, Cloudflare disagrees.
The content of your website does not matter at all, as Man in the Middle attackers can change the content however they want.
The thing is, if you don’t think your site needs to be secure, you could always change SSL to Off instead of Flexible. That way, potential visitors know that the connection is not encrypted and can choose whether they want to visit anyway.
With Flexible, it looks like the traffic is encrypted when it’s actually not, and people might trust it more than they should.
But honestly. Flexible SSL mode was introduced back when SSL certificates were expensive and most small sites couldn’t afford SSL. Many hosts didn’t even offer you the option to use HTTPS, even if you wanted to pay for a certificate.
Today, most certificates are free and there is no good reason not to secure connections with HTTPS.
Thanks a lot for all your help. That all worked, so my site(s) are back up again. Me happy~ :3
And thanks for the links, explanations, and detailed information. Learned a lot more in this one hour than the last week trying to solve it myself… Thanks again~
I have marked what I think is the solution - a combination of: