Hello, so after completing optimizing and configuring my url to https, how soon should i start seeing my https showing up? ive been refreshing

Your website loads securely for me, what does it show for you?


Try clearing your cache


If clearing the cache does not work, select “Advanced” then “View Certificate”. Screenshot the pop-up window.


Yes it showed up. Thanks

Cloudflare advices me that the full mode encryption i have for https is not secure still and that i should pause cloudflare first then ensure that im on the full - strict encryption mode. Can you allow me to install the full strict ssl certificate with them?

Read for full SSL:


This is the conversation with cloudflare after i was advised here (infinityfree) that full strict is not recommended or advised. I am left stranded, and even wondering could i have obtained full (strict) encryption mode the previous day as cloudflare informs? … Can we re enable it back?

I am really confused, so let’s start from the beginning.

  1. Request a “Self Signed” sertificate from InfinityFree at
  2. Set the CNAME Records for validation. Wait for propagation. How to create the CNAME records for free SSL
  3. Install the SSL cert. How to install an SSL certificate
  4. Go to your CloudFlare Dashboard at, sign in and navigate to your website’s zone.
  5. Go to the SSL and Security section on the left
  7. Now everything should be clear.

Let me know if you have any questions.

You can if you use a trusted provider, such as ZeroSSL or Let’s Encrypt.


CA chains are not supported in free hosting, so you cannot use “Full Strict” here.

“Full” mode is plenty secure, but not the maximum level of security offered.

If you pay money for a host, then yes, CA chains should be supported, or you should get your money back.

If you really want to use “Full Strict”, you will need to upgrade to premium hosting.


yes this is what i currently have, which Cloudflare asks me not to use.

Im told that even if Cloudflare configuration is secure now, my server is still not configured correctly, there’s a security error.

after i received that response thats when the above attached conversation begun, what im i missing? im not a pro in this things, could there be something i need to be told that looks so obvious, kindly mention it, thanks

So you agree that i was on full strict with cloudflare at one point and was detected and barred now i have to pay for host? Coz they say i was already on full strict the previous day

Ignore them, if they actually didn’t want you to use Full, then it wouldn’t exist.

It should be, if you followed my guidance.

If you try to access the server directly, this is expected because it does not recognize the Self Signed SSL. If you are going to use Cloudflare, this shouldn’t be a problem.

This is wrong. In order to use Full Strict you must have a trusted SSL certificate. Cloudflare provides one that they trust, but it is not compatible with our servers. There is a workaround, however. You can use a provider such as Let’s Encrypt, ZeroSSL, or GoGetSSL here and use Full Strict.


Then this should settle it! But will hackers be easy able to pull down my walls with full mode? whats the security difference for full and full strict?

yesterday the support guys got upset i was unpausing my cloudflare to enable full mode instead of following their instruction by enabling full strict. It got me scared that they are really for me to be secure in the right way, but why is the full mode even there if they are serious against it? they should pull it down then.

No, I’ve been using Full for months and nothing has gone wrong.

They are not. You just must use it correctly. I have pointed you how to do that in my previous posts.

i tried using the Lets Encrypt today, if you check i think it needs something or its propagating, im feeling i need to get over this full strict mode, kindly check whats happening on your end.

I’d leave it how you have it right now. It’s working amd it is secure.
Don’t go messing everything up by using some different SSL mode and certificate.

Your previous post guided me well. Thanks. Im already having my https on full mode. what could be the “security error” they were noticing?

They probably got a stale copy.