Cloudflare

[eL_]

Anyone has problems with SSL Certificate with Cloudflare?
I got this error:

I suppose is something in htaccess, but I can't figure out how to sort it.
Anyone can help me?
BTW - SEO Recommendations gave me that issue

 

[TPerry]

What settings are you using in CloudFlare. You have multiple options available.
If you are using the wrong option and do NOT have a VALID SSL certificate being used by your server, then you have to select appropriate options.

 

[eL_]

If you are using the wrong option and do NOT have a VALID SSL certificate being served by your server, then you have to select appropriate options.

I have a valid certificate from my hosting provider.

What settings are you using in CloudFlare. You have multiple options available.

Default ones.

 

[eL_]

This is my .htaccess
I bet it something wrong in here.

#    Mod_security can interfere with uploading of content such as attachments. If you
#    cannot attach files, remove the "#" from the lines below.
#<IfModule mod_security.c>
#    SecFilterEngine Off
#    SecFilterScanPOST Off
#</IfModule>

ErrorDocument 401 default
ErrorDocument 403 default
ErrorDocument 404 default
ErrorDocument 405 default
ErrorDocument 406 default
ErrorDocument 500 default
ErrorDocument 501 default
ErrorDocument 503 default

<IfModule mod_rewrite.c>
    RewriteEngine On

    #    If you are having problems with the rewrite rules, remove the "#" from the
    #    line that begins "RewriteBase" below. You will also have to change the path
    #    of the rewrite to reflect the path to your XenForo installation.
    #RewriteBase /xenforo

    #    This line may be needed to workaround HTTP Basic auth issues when using PHP as a CGI.
    #RewriteRule .* - [E=HTTP_AUTHORIZATION:%{HTTP:Authorization}]

    RewriteCond %{REQUEST_FILENAME} -f [OR]
    RewriteCond %{REQUEST_FILENAME} -l [OR]
    RewriteCond %{REQUEST_FILENAME} -d
    RewriteRule ^.*$ - [NC,L]
    RewriteRule ^(data/|js/|styles/|install/|favicon\.ico|crossdomain\.xml|robots\.txt) - [NC,L]
    RewriteRule ^.*$ index.php [NC,L]
</IfModule>
RewriteEngine on
RewriteCond %{HTTPS} off
RewriteRule (.*) https://%{HTTP_HOST}%{REQUEST_URI}

###- Hosting Optimization -###
### Start
<IfModule mod_headers.c>
  Header unset ETag
  FileETag None
</IfModule>

<IfModule mod_deflate.c>
  AddOutputFilterByType DEFLATE text/phtml
  AddOutputFilterByType DEFLATE text/plain
  AddOutputFilterByType DEFLATE text/html
  AddOutputFilterByType DEFLATE text/xml
  AddOutputFilterByType DEFLATE text/css
  AddOutputFilterByType DEFLATE application/xml
  AddOutputFilterByType DEFLATE application/xhtml+xml
  AddOutputFilterByType DEFLATE application/rss+xml
  AddOutputFilterByType DEFLATE application/javascript
  AddOutputFilterByType DEFLATE application/x-javascript
  AddOutputFilterByType DEFLATE text/javascript
</IfModule>

<IfModule mod_expires.c>
  ExpiresActive On
  ExpiresDefault A0
  <FilesMatch "\.(flv|ico|pdf|avi|mov|ppt|doc|mp3|wmv|wav)$">
    ExpiresDefault A29030400
    Header append Cache-Control "public"
  </FilesMatch>
  <FilesMatch "\.(gif|jpg|jpeg|js|png|swf|css)$">
    ExpiresDefault A604800
    Header append Cache-Control "public"
  </FilesMatch>
  <FilesMatch "\.(xml|txt|html)$">
    ExpiresDefault A7200
    Header append Cache-Control "proxy-revalidate"
  </FilesMatch>
  <FilesMatch "\.(php|cgi|pl|htm)$">
    ExpiresActive Off
    Header set Cache-Control "private, no-cache, no-store, proxy-revalidate, no-transform"
    Header set Pragma "no-cache"
  </FilesMatch>
</IfModule>
### End

 

[TPerry]

Default ones.

I am referring specifically to the SSL options.




As for your .htaccess it looks OK, but since I don't use an HTTP server that reads them I don't keep up with it.

 

[eL_]

I am referring specifically to the SSL options.


View attachment 276854

This is mine:

 

[TPerry]

You may want to change to full (strict) if you have trusted SSL cert, like from LetEnCrypt. The other is for (from my understanding) a certificate you create yourself. I don't know if CloudFlare handles each differently. but I'm pretty sure they do, as my site actually shows MY LetsEncrypt cert and the other method I doubt would since it's not a true "valid" cert.