So you will need to ensure you have a ‘www’ A record as well as your root (@) A record configured pointing to your webservers external IP. You should be able to add the record on that page.

Cloudflare’s SSL frontend will then work properly as long as your domains name server records are pointed to Cloudflare. HOWEVER - as @sandro mentioned this isn’t your only step. To ensure communications between your web server and Cloudflare (and anyone who might know your public IP for that matter) you need to install a SSL certificate on your server as well.

Regardless of e-commerce, you are logging into your WordPress instance which, in turn your credentials will be sent to your webserver un-encrypted once it leaves the Cloudflare network. Basic MITM attacks can get your password and take over your site.

Everything in the following post can be executed between Cloudflare and your origin server if it’s not secured:

What’s your domain?

www.olivierburnside.com (except www no longer works)

Thanks for your help.
To be honest, pretty much all of this is so unfamiliar to me that it’s really hard to make sense of it all

Well, yes, you don’t have a “www” record and need to add that.

But that record won’t secure your site and you still need to follow through on what was already mentioned.

Why you should choose Full Strict, and only Full Strict has all details on that, on top of what @sdayman already posted.

Right now I am afraid your site is insecure, but securing it is a matter of a couple of minutes. Either get a Let’s Encrypt certificate again or aforementioned Origin certificate.

You really need to find a new hosting provider if they cant handle Let’s Encrypt of one of the many other ‘free’ SSL vendors.

Is there one you would recommend?

Recommend? Did you check out the article?

As already mentioned

I run my own dedicated servers and shell scripts for hosting/lets encrypt - so I can’t recommend one over the other. I can just point you to some examples of places I know will work: (I’m not affiliated with them)

I have friends that use HostPapa (Canadian Hosting company) that support LetsEncrypt just fine.

I work with OVH a lot and they offer a personal hosting service which includes LetsEncrypt. Link

But listen to @sandro and @sdayman about running an insecure website. That article is great.

I’ve just spoken with my host, TSO. They now say that they can install Letsencrypt, but I need to find the certificate for myself on Google, send it to them and they can install it

In a Cloudflare context, there are admittedly occasionally issues with getting an LE certificate issued. Either because the DNS validation does not work or the HTTP validation does not get through the proxied.

But that’s all naturally a poor excuse to drop SSL altogether.

Plus, Origin certificates can be issued within minutes. We have been talking here now for about an hour. In that time you could have provisioned Origin certificates for all of Google’s datacentres

Plus, it’s not like there are not thousands of such threads on the forum anyhow.

I’ll take a look at the article but have to admit that my understanding is limited

Just get an Origin certificate, that will be easier than getting one issued via LE.

With an Origin certificate it is a couple of clicks and you have the key and certificate. It’s explained in the article as well.

Thanks, are those the ones that you can get for up to 15 years?

Yes, that’s the one. Cloudflare issues Origin certificate for up to that many years. Whether you really want to have such a long validity is another question of course, but you can.

So two things

1. Get a certificate and secure your server
2. Add the “www” DNS record to have that resolve as well

Thanks, I saw a tutorial about that and think I should be able to manage it!