i opened up a new free hosting account and installed a google trust ssl to the free domain name that was provided
it installed properly and went live
*see free domain name - pics #1 and #2
//
then i purchased a domain name, pointed it to the free hosting account, and installed a let’s encrypt ssl to that domain name
in addition, i have set up cloudflare, which is the reason for the paid domain name, and it works - things are being cached and security features are applied
however, i woke up the other morning to these red alert boxes and cloudflare security shows me that over 1000 people from foreign countries were trying to access everything but the main page of the site and the ssl isn’t the right one
*see paid domain name - pics #1 thru #6
//
so now i have a few questions:
why is the active ssl for the paid domain name from google trust, instead of the let’s encrypt ssl which has been installed?
why does the dns section for the paid domain now show these red alert boxes? i do not recall them being there when setting up and testing cloudflare
why does the paid domain work, meaning the browser isn’t blocking it, with the incorrect ssl?
how do i change the active ssl from one to the other?
i will also mention i installed wordpress…
did something in wordpress open a backdoor?
would appreciate any help or insight, thanks
//
sorry for the large image, new users can only upload one. i need more than that to support my post
The red boxes you’re seeing in the DNS section are likely because you’re using Cloudflare’s name servers on your domain. this is normal and there’s no need to worry about it.
Regarding the SSL certificate, when you add your website to Cloudflare, it typically uses a Google Trust Services SSL certificate by default to secure your site traffic. Cloudflare manages this automatically, so you don’t need to manually install an SSL certificate on your server unless you’re configuring a more advanced setup like Full (Strict) SSL mode"
strict mode is still enabled, but cloudflare is just using their own ssl in place of mine?
it is misleading because of the name ‘google trust’. i was thinking somehow the paid domain name was somehow using the ssl from the free domain name since it is also ‘google trust’
but now that i look more closely, i see that the expire date on each ‘google trust’ ssl is different
and, the expire date on the ‘google trust’ ssl for the paid domain name is later that the ‘let’s encrypt’ ssl that i had installed
thanks for clarifying things and giving me an extra set of eyes
Note that the DNS Status card also showed this in the yellow/orange banner at the top.
When your website is using Cloudflare, then Cloudflare will obtain a certificate to secure the connection between your visitors and Cloudflare. The “Live SSL Status” in the client area will show that certificate.
Additionally, Cloudflare can secure the connection between Cloudflare and your hosting account too. The “encryption mode” setting determines if Cloudflare uses HTTPS between Cloudflare and our servers, and how they check the certificate used. To use HTTPS behind Cloudflare, an SSL certificate must be setup on our end too. That’s the “Installed SSL Status” you see.
Note that the DNS Status card also showed this in the yellow/orange banner at the top.
yeah, i did read that… a few times. but the red color and the fact that the ssl changed overnight was ‘freaking me out’.
just a suggestion, change the color of the boxes to reflect the color of the banner.
red is like
[…] Cloudflare will obtain a certificate to secure the connection between your visitors and Cloudflare. The “Live SSL Status” […] To use HTTPS behind Cloudflare, an SSL certificate must be setup on our end too. That’s the “Installed SSL Status”
aha! so it’s best to have both. that’s some valuable info right there.
