Https

If clearing the cache does not work, select “Advanced” then “View Certificate”. Screenshot the pop-up window.

3 Likes

Yes it showed up. Thanks

Cloudflare advices me that the full mode encryption i have for https is not secure still and that i should pause cloudflare first then ensure that im on the full - strict encryption mode. Can you allow me to install the full strict ssl certificate with them?

Read for full SSL:

3 Likes

This is the conversation with cloudflare after i was advised here (infinityfree) that full strict is not recommended or advised. I am left stranded, and even wondering could i have obtained full (strict) encryption mode the previous day as cloudflare informs? … Can we re enable it back?

I am really confused, so let’s start from the beginning.

  1. Request a “Self Signed” sertificate from InfinityFree at https://app.infinityfree.net/sslCertificates.
  2. Set the CNAME Records for validation. Wait for propagation. How to create the CNAME records for free SSL
  3. Install the SSL cert. How to install an SSL certificate
  4. Go to your CloudFlare Dashboard at https://dash.cloudflare.com, sign in and navigate to your website’s zone.
  5. Go to the SSL and Security section on the left
  6. SELECT THE “FULL” MODE
  7. Now everything should be clear.

Let me know if you have any questions.


You can if you use a trusted provider, such as ZeroSSL or Let’s Encrypt.

2 Likes

CA chains are not supported in free hosting, so you cannot use “Full Strict” here.

“Full” mode is plenty secure, but not the maximum level of security offered.

If you pay money for a host, then yes, CA chains should be supported, or you should get your money back.

If you really want to use “Full Strict”, you will need to upgrade to premium hosting.

2 Likes

yes this is what i currently have, which Cloudflare asks me not to use.

Im told that even if Cloudflare configuration is secure now, my server is still not configured correctly, there’s a security error.

after i received that response thats when the above attached conversation begun, what im i missing? im not a pro in this things, could there be something i need to be told that looks so obvious, kindly mention it, thanks

So you agree that i was on full strict with cloudflare at one point and was detected and barred now i have to pay for host? Coz they say i was already on full strict the previous day

Ignore them, if they actually didn’t want you to use Full, then it wouldn’t exist.

It should be, if you followed my guidance.

If you try to access the server directly, this is expected because it does not recognize the Self Signed SSL. If you are going to use Cloudflare, this shouldn’t be a problem.

This is wrong. In order to use Full Strict you must have a trusted SSL certificate. Cloudflare provides one that they trust, but it is not compatible with our servers. There is a workaround, however. You can use a provider such as Let’s Encrypt, ZeroSSL, or GoGetSSL here and use Full Strict.

2 Likes

Then this should settle it! But will hackers be easy able to pull down my walls with full mode? whats the security difference for full and full strict?

yesterday the support guys got upset i was unpausing my cloudflare to enable full mode instead of following their instruction by enabling full strict. It got me scared that they are really for me to be secure in the right way, but why is the full mode even there if they are serious against it? they should pull it down then.

No, I’ve been using Full for months and nothing has gone wrong.

They are not. You just must use it correctly. I have pointed you how to do that in my previous posts.

i tried using the Lets Encrypt today, if you check i think it needs something or its propagating, im feeling i need to get over this full strict mode, kindly check whats happening on your end.

I’d leave it how you have it right now. It’s working amd it is secure.
Don’t go messing everything up by using some different SSL mode and certificate.

Your previous post guided me well. Thanks. Im already having my https on full mode. what could be the “security error” they were noticing?

They probably got a stale copy.

@Kimiti

We know our servers much better here than anyone on Cloudflare

You don’t have a bank but a blog!
Nor is your site a desirable target for hackers in the sense that someone will invest in expensive equipment and hook up (eavesdrop) the fiber optic cable that Cloudflare communicates with Origin.
They “will” hack you in some other ways that are much simpler.

The main reason why I recommended you not to do CA cert
is that you don’t have to make it by hand every three months
but instead use a self sig. cert that lasts longer than 10 years if you wish.

Certificates serve for privacy (protection of some data in the communication)
and not as some magical defense against hacking.

FULL instead of FULL-Strict is for your needs more than enough.

3 Likes

Absolutely! Im not a bank! :laughing: wait a minute…what if installed woocommerce and clients begin puting in their bank details?

3 Likes

WOW, THANKS SO MUCH VERY HELPFUL. That settles it.

3 Likes