Jump to content

Configuring Cloudflare Full SSL on Tommy

Recommended Posts

I've just moved over my Wordpress blog into a free hosting in Tommy, and it's been showing "SSL Not Configured" on my site https://therocketblog.tk/ ever since.

I've added Cloudflare to the site (by changing nameservers to Cloudflare ones) and got Cloudflare up and running. Then, I set Cloudflare SSL to Full Mode and installed a Cloudflare Origin Certificate using the cPanel.


However, the site still shows the HelioHost SSL Not Configured error page and asks me to wait for AutoSSL.


How do I disable AutoSSL? I don't need LetsEncrypt and auto-renewals.

Please help.


Also, if an admin sees this, please remove my other account @sayanjd with email sayanjyotidasworkmail@gmail.com. I can't seem to login with that email, but registering with it says that the "account already exists". For now, I'm using my alternate email address.

Link to comment
Share on other sites

please remove my other account @sayanjd with email sayanjyotidasworkmail@gmail.com.

There is no account in the system with that username or email address. I'm guessing you deleted it already?


it's been showing "SSL Not Configured"

Your site works for me. Maybe try clearing your browser cache?



I have to give you the stanard wordpress lecture. Wordpress is the worst possible software you could run on your account. It causes tons of load even if you hardly get any traffic at all. If you insist on running wordpress keep a close eye on the button labeled "Account Load" in cpanel. If you get close to 100 you have a high chance of being suspended for causing too much load. Wordpress also has terrible security. It's really easy for hackers to get access to your account if you have wordpress installed and most of the time they set up a phishing site or use your account to send spam emails. If your wordpress install gets hacked it means your account will be permanently banned. If you insist on running wordpress anyways make sure it and all of its plugins and themes are always kept up to date. Also most plugins and themes for wordpress are just backdoors for hackers anyways, and as soon as you install them they send out a message to the hacker letting them know your site exists, and it's usually only a matter of a day or two until they get around to hacking it. Wordpress is also really bloated and slow. Since it uses so much memory it gets a lot of 500 errors. Literally any other software you could install on your account would be better than wordpress.
Link to comment
Share on other sites

As for the CF issues, please keep in mind that we don't officially support any configuration involving CF, as it's known to break many of the features in cPanel.


AutoSSL and CF's full SSL are incompatible with one another because AutoSSL will not be able to renew its certs from behind CF's forced SSL connection. The "Full SSL" on CF does require a valid certificate be installed though, and in my experience the CF origin certs are hit or miss. Yours seems to be working, so you're good. AutoSSL won't attempt to replace a manually installed cert as long as it's valid.


Finally, one thing to keep in mind, any time you install SSL certificates, it can take up to 2 hours for them to work (Apache has to restart), and you may also need to clear your cache if there was an expired one you replaced.

Link to comment
Share on other sites

@wolstech & @Krydos, thank you very much. Indeed, the site SSL works; it was displaying the insecure errors because I was using a VPN. As soon as I disable the VPN, the errors disappear. As for the Wordpress, I am a repo contributor to it and I personally know how slow it is :D, but I had to use it since I'm managing the blog for a friend and I didn't have the time to build a whole new PHP website just for a blog.


And yeah, I keep all my plugins and themes up-to-date and I also use the WP bug tracker to see the latest exploits and stuff.


I'll try to keep a close eye on the server usage; in fact this is one of the prime reasons I always use Cloudflare with Wordpress - it caches all the static Wordpress files reducing a lot of load on the origin server.



Link to comment
Share on other sites

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

  • Create New...