Website not working after signup with Cloudflare

I’m getting an error Warning: Potential Security Risk Ahead

I have changed name servers and i’m stuck

  1. What SSL Mode are you in? (Please not flexible)
  2. Do you have installed a valid SSL Cert on your origin server?

Do you have installed a valid SSL Cert on your origin server? Not sure. I tought that what cloudflare does.

Dont do this… its bad. Still disappointed CloudFlare even offers the option to permanently set your SSL Mode to Flexible.
In my opinion there is only one reason in this whole world to change (just temporary with a bistable flip-flop option) to flexible. And then it should have a timer or grace-period of about 3 min to then switch automatically to “SSL” or “non-SSL”, depending on the fact if the origin server offers a SSL Cert after this grace period. This only imaginable situation is:

if you have set up HSTS and lets encrypt has cached it and therefore will always send requests to HTTPS. Then this flexible mode can help setting up an SSL Certificate.

CloudFlare does not do anything on your origin server and it will never do. As it does not have access to.

  1. Set up a valid SSL Cert on your origin server
  2. change CloudFlare ion SSL Mode “Full (Strict)”
  3. be happy :slight_smile:

How do I do that? And If I do, why do I need cloudflare for exactly?

See 2 of 2 detected certificates

Google domain says

Cloudflare, Inc.

Apr 3, 2021 - Apr 3, 2022

Does have nothing to do with what I’ve said :slight_smile:
Even if you manage it to work with flexible mode its bas practice and unsave.

To secure proxied infos there need to be n+1 SSL Certs. While n stands for the amount of proxy services you have.

Here at CloudFlare is just one proxy so you need 2 SSL Certs. one for each request in the proxy-chain.
So at least one SSL Cert should be implemented at:

  1. CloudFlare to encrypt informations between Visitor ==> CloudFlare
  2. Origin Server to encrypt informations between CloudFlare ==> origin Server

If you are in flexible mode you do not encrypt the traffic behind CloudFlare, but just the traffic at (1)

I changed it to full, no change

For me the page now works properly. But keep in mind that just switching CloudFlare configurations does not do anything good if your origin server is not ready yet.
But seems like it at least is offering a SSL Cert. If you switch to “Full Strict” and it still works then you definitely do have a valid SSL Cert at your origin.

changed it to strict. Still same issue.

Unable to communicate securely with peer: requested domain name does not match the server’s certificate.

HTTP Strict Transport Security: false

HTTP Public Key Pinning: false

I do see a different type of issue:

It now states that you do not have a “Valid SSL Certificate” on your origin server.
The Error code is “526” which you can look up here:

I don’t know how you got that showing. I cleared cache

Warning: Potential Security Risk Ahead

Thats a firefox warning, right?
Seems like the DNS is not fully propagated yet and therefore you will hit your origin server directly. As it offers an invalid SSL Cert FireFox warns you about the Cert is not valid anymore and you therefore should not trust this site.

What you should do first is:
Flush your DNS Cache, reboot your machine and reboot your router as all of them are able to cache the DNS entries of your domain and therefore have the old one cached.

same thing, even on mobile

I fixed the problem.

http here I go again. Thanks for your help

Going backwards is not a fix nor a solution :slight_smile:
But anyway better then flexible!

As soon as you install any SSL Certificate on your origin Server please turn on Full Strict.


This topic was automatically closed 3 days after the last reply. New replies are no longer allowed.