XF 1.5 Cloudflare SSL issues

[Amin Sabet]

I just changed over all 6 of my XenForo forums to https. I am using the XenForo link proxy and the @digitalpoint image proxy.

I have a valid GeoTrust Rapid SSL certificate on my server for each one of the sites, and all showed the green lock in Chrome prior to setting up CloudFlare.

Yesterday I signed the sites up for CloudFlare (Pro) and within the CloudFlare settings chose Full SSL Strict for all six websites.

Three of my sites still show the reassuring green lock in Chrome:

www.talkemount.com

www.fujixspot.com

www.foreverfilm.org

The other three show the yellow triangle (This site uses a weak security configuration (SHA-1 signature) so your connection may not be private):

www.mu-43.com

www.photographerslounge.org

www.leicaplace.com

Would appreciate any help on getting these to work properly. Thanks!

 

[Chris D]

It's probably a question best asked to the certificate provider and/or CloudFlare to be honest.



The error is suggesting there is a certificate in the chain that is still using SHA-1 which is deprecated and unsupported in favour of SHA-2.

 

[Amin Sabet]

CloudFlare directed me to this page which explains things: https://blog.cloudflare.com/cloudflare-and-sha-1-certificates/

It seems they are in the process of changing over everyone from SHA-1 to SHA-2.

Fwiw, their support seems way better now than I recall it being from when I tried CF a couple years ago.