Website still not secure after setup

Hi everyone.

Just set up cloudflare on a new website:

However my browsers are still reporting its unsecure. I have HTTPS redirects/rewrites turned on in the cloudlfare settings and I set up the nameservers correctly on Godaddy (I’ve done this before with a previous website and didn’t have these issues)

Any idea what could be going wrong?

Working here:

What exactly is getting shown on your end and where do you see it?
Console? URL-Bar?

Thanks M4rt1n.

I’m actually getting a warning on Chrome and Edge. saying this:

Your connection is not private

Attackers might be trying to steal your information from (for example, passwords, messages, or credit cards). Learn more


Then I have to click Advanced -> proceed to actualy get to the site.

For me it clearly states it is secure:

(sorry its german, but it states that the Certificate is valid for your Domain and all Subdomains)

May you want to show which SSL Cert is getting used for you?
Also there is a special post about this issue:

1 Like

Hmm, this is very strange. I even cleared my browsing history and cache and still get the error.

How would I show you my SSL Certificate?

Ill also check out that link.

In Chrome click on this Icon:
SSL Cert inspect
Then on “Certificate” and when just screenshot what is shown

This would usually indicate that your local DNS is not properly resolving your site. Check your browser’s Dev Tools (F12 in Chrome) and look at the Network tab to see which IP address and response headers you’re getting. The headers should indicate it’s Cloudflare.

1 Like

Here’s my certificate:

Not valid anymore. As its was valid till 05.04.2018.

1 Like

Sorry I’m not the most website savy. How would I go about resetting the certificate? Clearly you got the new one. How do I get it on my end?

1 Like

Go and install a new Lets Encrypt SSL Certificate and then re-check.
But also you seems not to be proxied by CF, so this also might be right:


So your NS are not propagated completely or you are using local/other DNS settings which are pointing your Domain directly to your IP (just for you seems like)

Yes true. :sweat_smile:

There are two SSL Certs.

  1. CloudFlare SSL Cert (this is valid)
  2. OriginServer SSL Cert (this is NOT valide)

Just reissue a new Lets Encrypt SSL Cert and you should be good to go for the SSL Part.

Your other problem is that you (dont know yet why) are not getting routed through CloudFlare

1 Like

Maybe I should give it some time? I just set this up last night so maybe I have to wait a day for propagation?

I’m also outside the US at the moment, not sure if that changes anything.

How to I go about reissuing a new certificate? is that done through the Cloudflare panel?

Everything about your origin Server is getting done on your origin Server.
Where you are located doesnt matter normally if the NS entries are propagated

So is this a problem specificly for me right now?

It seems your able to access the site fine.

But the other problem is the invalid SSL-Cert

1 Like

Since it seems you’re able to install your own cert: If you can’t generate a Let’s Encrypt certificate, a Cloudflare origin cert would be a great alternative:

But it would not work for him if he is not getting routed through CloudFlare, as its not a valid public SSL Cert, just valid for CloudFlare. This makes sense and I’m just using CF-Certs, but for him it would not work since he is not getting routed through CloudFlare

1 Like

How do I get myself routed through cloudflare? Is this a hardware issue? or an issue with the service provider?

To debug this a bit, could you run:


in your CMD/Console/PowerShell whatever and provide us the output?

Seems like your DNS lookup for your Domain is getting cached or the NS are not propagated yet and therefor you are currently not getting routed through CloudFlare as you are taking the direct way to the IP.

Also this must mean that you are using CloudFlare in SSL Mode “Full”. After we are done you should change to “Full (Strict)” But wait untill everything is ready

Here ya go:


Non-authoritative answer: