Support » Plugin: Cloudflare » Activating SSL

  • Resolved John

    (@dsl225)


    Hello, first time user here.
    What is really needed to be setup in order to get SSL secured https pages?

    I’ve enabled “Automatic HTTPS Rewrites” in settings but pages still load not secured.
    Does this need some time to propagate or or do I miss something else?

    Thanks.

Viewing 15 replies - 1 through 15 (of 15 total)
  • Hi,

    Do you still have issues?

    Thread Starter John

    (@dsl225)

    Not sure I understand.
    Is Cloudflare providing SSL certs or do I need to install it by myself first?

    Thread Starter John

    (@dsl225)

    Thanks but this is even more confusing.
    I registered a new website at CF that doesn’t have a SSL cert.
    What I’m supposed to do in order to have https?
    Does CF provide those certs for free or not?

    Yes, CF provides free SSL certificates, but there are different ways to configure.

    Enabling “automatic HTTPS rewrites” in the plugin won’t cause your web pages to be served via HTTPS. It just will help resolve mixed content errors on the page, if the page has already been called via https:// — but if someone navigates to http://yoursite/page it will still be served over regular http.

    To enable SSL from your web site, you can begin by going to the “Crypto” setting in cloudflare and choosing the “Flexible SSL” option.

    Then navigate to your site via https: and see whether the site loads for you over https:// (with the lock icon displayed on the browser).

    Thread Starter John

    (@dsl225)

    OK got it, thanks for your patience!

    My settings were correct and the https was already working but, of course, I needed to change the site’s address also as well as the login menu.

    I HAVE to change the site’s address to “https”, right?
    Anything else to change at site’s settings?

    Thanks again.

    Yes, once you have testified to verify that https:// works for our site, then the next step is to change WordPress settings to https://

    However, that won’t prevent people from linking or accessing your site at http://

    If you are want to force https, then you either need to set up an .htaccess mod rewrite rule on your site, or add an “Always use https” page rule via Cloudflare. Before you do that, however, I’d suggest checking your site for mixed content errors — that is something that may happen on any page that has an embedded image or script loaded from a nonsecure source. You will find those by checking for broken lock icons on your browser.

    The cloudflare plugin will fix some of those by the automatic rewrite option, but it will only rewrite the links that the plugin can verify are available via https — so in my experience it won’t catch them all.

    Please note I am no affiliated with Cloudflare — I’m just another user who has been through this myself, and I noticed that you asked a question 3 weeks ago and never got a response. The Cloudflare staff is usually excellent at providing support, but I guess your question got accidentally overlooked, and I thought I’d try to help out to at least get you started with the process.

    Thread Starter John

    (@dsl225)

    Great, that’s crystal clear.
    First time I understand how this works…

    One last question: should I modify the site’s address at Google Search Console or is this supposed to be done automatically? I tried to do this but was lost in there once again and was unable to modify the “http”.

    Thanks!

    Yes you should modify your Google search console, but I do remember having trouble figuring out how to do that and so I can’t give instructions. I think you have to set it up as a separate site. Here is the Google info page: https://support.google.com/webmasters/answer/34592?hl=en

    Thread Starter John

    (@dsl225)

    Thanks a lot, I think we are done for now.
    Marking this as resolved.

    Your help is greatly appreciated!

    Thanks @abigailm, nice explanation 🙂

    Thread Starter John

    (@dsl225)

    This is exactly the sort of guide that should be online at CF site.

    Hello John, I just wanted to tell you to be prepared for losing position in google for some time, because Google will now look at your website as a new domain, because of “S” in your domain now (https instead of http).

    My website was completely lost for a week (maybe even more, and it was a loong week when I noticed that my website disappeared from google, I have a website ranking first for most of keywords).
    What helped is adding a https version of my website to Google Search Console, so do that ASAP (as soon as possible). So don’t remove http, just add https version.
    You will see that for some time, number of indexed pages of your website for https is 0 (ZERO) 😉

    It probably depends on the site, because I didn’t experience any problems with search ranking on my sites. However I rolled things out more slowly — first setting up SSL & testing it, then adding to my Google search console and also updating incoming links on other resources (such as social media accounts, etc.) — and only switching to forced (always use https) after several weeks. So this gave plenty of opportunity for indexing.

    I’d note that I manage a very busy site that is indexed by Google very frequently.

    I did need to take my time testing in any event, to make sure that I had caught and resolved all mixed content errors. This was a big project on some of my larger and more well developed sites.

    Thread Starter John

    (@dsl225)

    Thanks to both of you.
    Yep, that’s right, we should ADD the https site at Google Search Console and still keep the http for some time.

    I tested the move to SSL for the first time with a site that has not much traffic in order to see how things work and I’m really astonished to find out how complicated it is for existing sites (probably much less for new sites) and the lack of good tutorials.

    Most online guides fill tons of pages explaining all the usual blabla you’ll find anywhere (why it is important and why you should make the move to SSL) but I found none listing the steps you’ll have to take in order to accomplish this – with or without CF – and what changes you’ll need to perform for existing sites in order not to lose your rankings.

    Even Google Search Console is absolutely helpless in this regard.

    The only accurate and useful help I found was with this thread, from Abigailm.
    Even CF own guides and online help topics were really useless in my case.

Viewing 15 replies - 1 through 15 (of 15 total)
  • The topic ‘Activating SSL’ is closed to new replies.