Cloudflare & SSL in new subdomain

[maicol07]

Hi,

I've created a new subdomain (updates.maicol07.it) where I installed OctoberCMS from Softaculous. CPanel issued a self-signed certificate that expires next year but if you try to open https://updates.maicol07.it it says:

Ahoy! You're seeing this page because you've reached a website on our service that's not configured to accept secure connections (HTTPS).

If you're a visitor, try visiting this site again, removing the "https" in front of the website domain. Please note that your connection to this user's website will not be secure.

If you're the webmaster of this site, we recommend you take a few minutes to set up SSL so your visitors can connect securely. You can do this from your control panel. If you need assistance, please visit our support forums or Wiki.

Thanks for choosing HelioHost!

Sincerely,

What should I do? Wait for AutoSSL? Note that some days ago I've set up Cloudflare.

Thanks

Edited July 20, 2019 by maicol07

[Sn1F3rt]

Which server are you on?

[maicol07]

Which server are you on?

Tommy

[Sn1F3rt]

Then either remove Cloudflare association or ask an administrator to disable AutoSSL on your account. SInce Cloudflare SSL will be breaking AutoSSL  so both can't exist together.

 

Which one do you want to keep?

[maicol07]

Then either remove CLoudflare association or ask an administrator to disable AutoSSL on your account. SInce Cloudflare SSL will be breaking AutoSSL  so both can't exist together.

 

Which one do you want to keep?

If I disable Cloudflare SSL option, will AutoSSL work?

[Sn1F3rt]

Yep it will...you will need to wait for an Apache restart on Tommy(max 24 hours).

[maicol07]

This one, right?

[Sn1F3rt]

Yep.

[maicol07]

What about HSTS and Automatic HTTPS rewrites from Cloudflare?

[Sn1F3rt]

For https redirect:

 

For HTML: 

(Add a meta tag)

< meta http-equiv="Refresh" content="0;URL=https://www.example.com" />

For PHP:

< ?php function redirectTohttps() { if($_SERVER['HTTPS']!=”on”) { $redirect= “https://”.$_SERVER['HTTP_HOST].$_SERVER['REQUEST_URI'];header(“Location:$redirect”); } } ?> 

[maicol07]

I've already set up redirects in .htaccess. So does those two Cloudflare options break AutoSSL?

[Sn1F3rt]

Yes...they will break AutoSSL as wolstech said in : https://www.helionet.org/index/topic/36270-getting-error-while-opening-my-domain/

[maicol07]

Yes...they will break AutoSSL as wolstech said in : https://www.helionet.org/index/topic/36270-getting-error-while-opening-my-domain/

Also HSTS?

[Sn1F3rt]

No...for HSTS add this to .htaccess : 

 

Header set Strict-Transport-Security "max-age=31536000" env=HTTPS

[maicol07]

Ok, so now my htaccess is like this and my site is broken by redirect error:

Header set Strict-Transport-Security "max-age=31536000" env=HTTPS

RewriteEngine On
# This will enable the Rewrite capabilities

# This checks to make sure the connection is not already HTTPS

RewriteCond %{HTTPS} off
RewriteCond %{REQUEST_URI} !^/[0-9]+\..+\.cpaneldcv$
RewriteCond %{REQUEST_URI} !^/\.well-known/acme-challenge/[0-9a-zA-Z_-]+$
RewriteCond %{REQUEST_URI} !^/\.well-known/pki-validation/[A-F0-9]{32}\.txt(?:\ Comodo\ DCV)?$
RewriteRule (.*) https://%{HTTP_HOST}%{REQUEST_URI}
# This rule will redirect users from their original location, to the same location but using HTTPS.
# i.e.  http://www.example.com/foo/ to https://www.example.com/foo/
RewriteCond %{HTTP_HOST} ^maicol07\.it$ [OR]
RewriteCond %{HTTP_HOST} ^www\.maicol07\.it$
RewriteCond %{REQUEST_URI} !^/[0-9]+\..+\.cpaneldcv$
RewriteCond %{REQUEST_URI} !^/\.well-known/acme-challenge/[0-9a-zA-Z_-]+$
RewriteCond %{REQUEST_URI} !^/\.well-known/pki-validation/[A-F0-9]{32}\.txt(?:\ Comodo\ DCV)?$
RewriteRule ^status$ "https\:\/\/status\.maicol07\.ml\/" [R=301,L]

Edited July 20, 2019 by maicol07