13 {{ upvoteCount | shortNum }}
13 {{ upvoteCount | shortNum }}

An SSL issue and question

by glennshep
11 replies
Hi guys,

I wasn't sure what category I should post this in but figured that my question was probably most appropriate in this section.

I have a few domains on a shared host and I have never purchased an SSL certificate for any of my sites. Now, I have been wanting to try out Cloudflare but when I go through the setup process I get a warning message that I have SSL on my site and that the free version of Cloudflare won't work on a site that has SSL, despite the fact that one of my host's selling points for the package I bought was that it connects with Cloudflare and that customers can use the free version.

I checked my main site on a few SSL checking pages and each time the results tell me that an SSL certificate is there but the name doesn't match my domain name. The name it gives is that of my webhost.

Now, here's the thing: is this normal and, is it something that I should have any concerns over?

Trying to get a satisfactory answer out of my webhost is like banging my head against a brick wall. I just keep going around in circles with them and they are not giving me a straight answer. I have explained the Cloudflare issue to them and their reply was that they don't see SSL installed on my site and if Cloudflare insists on having SSL then I need to check with them why that is. No, the problem is that Cloudflare say that I should NOT have an SSL in order for me to be able to use their service! Unfortunately, this is a recurring problem I have with my host's customer support - I never get a simple, straight answer. They always try passing the buck and putting the onus on someone else to address any issues that come up.

So I'm hoping that some kind, helpful Warrior who knows more about this stuff than I do can let me know if this issue is completely normal and nothing to be concerned over or if it's something that shouldn't be happening and I need to get sorted out. If it's perfectly normal then all is fine, however I'm just going around in circles with my host's customer support and not getting a straight answer.

Thanks in advance!

Glenn
#issue #question #ssl
  • Profile picture of the author David Beroff
    If you have not purchased a SSL certificate for your domain, then SSL is not going to work correctly.

    The whole point of SSL is to identify your site, and to reduce the chances that someone can intercept communications with your site. Without that cert, these things don't make sense.

    If your host is clueless, get a different host.

    As for CloudFlare, if they don't support SSL, it's likely for a reason. Perhaps their concern is being able to faithfully transmit communications from the browser to them and then to your site. I don't know. You could ask them.

    In any case, typically, SSL is only needed for a small portion of a site, say, at the point where personal data and/or credit card information is being transmitted. CloudFlare helps optimize portions of your site which have heavy traffic. So why not partition off the areas that actually need SSL, and let the rest get optimized?
    Signature
    Put MY voice on YOUR video: AwesomeAmericanAudio.com
    {{ DiscussionBoard.errors[9297191].message }}
  • Profile picture of the author kpmedia
    Originally Posted by glennshep View Post

    Trying to get a satisfactory answer out of my webhost is like banging my head against a brick wall.
    Who's the host?
    Signature
    FAQ: Need a Site5/Arvixe/Hostgator alternative? And who is EIG?
    Reviews:     Need a good VPS, dedicated server, or unlimited host? (This is NOT a fake "top 10" list!)
    {{ DiscussionBoard.errors[9297410].message }}
  • Profile picture of the author BWHadam
    1- You are using a shared ssl cert on your domain and that is yourwebhost server ssl cert

    2- Have you purchased dedicated IP? you need a dedicated IP address for SSL. as ssl encrypts the information it could be the reason
    for not supporting it. often cache servers and traffic filters do not work with ssl, because ssl encrypts and do not go under the cache server.
    Signature

    Lowest Possible Price Servers- PawnHost.com

    {{ DiscussionBoard.errors[9297542].message }}
    • Profile picture of the author glennshep
      Originally Posted by David Beroff View Post

      If you have not purchased a SSL certificate for your domain, then SSL is not going to work correctly.

      The whole point of SSL is to identify your site, and to reduce the chances that someone can intercept communications with your site. Without that cert, these things don't make sense.

      If your host is clueless, get a different host.

      As for CloudFlare, if they don't support SSL, it's likely for a reason. Perhaps their concern is being able to faithfully transmit communications from the browser to them and then to your site. I don't know. You could ask them.

      In any case, typically, SSL is only needed for a small portion of a site, say, at the point where personal data and/or credit card information is being transmitted. CloudFlare helps optimize portions of your site which have heavy traffic. So why not partition off the areas that actually need SSL, and let the rest get optimized?
      Thanks David, I understand what SSL is for in principle, but thanks so much for taking the time to give that info. SSL isn't something I really need on any of my sites on this server right now so I've never concerned myself about it at all before.

      With Cloudflare, it's not that they don't support SSL. It's just that their free plan doesn't work on sites that have it. Not that I'm against paying for their paid plans, but I don't need anything more right now and, of course, I want to try it out first.

      Originally Posted by kpmedia View Post

      Who's the host?
      I'm with Stablehost. I have to give them due praise for how quickly they respond to support tickets, but the actual quality of their customer service leaves a lot to be desired.

      Originally Posted by BWHadam View Post

      1- You are using a shared ssl cert on your domain and that is yourwebhost server ssl cert

      2- Have you purchased dedicated IP? you need a dedicated IP address for SSL. as ssl encrypts the information it could be the reason
      for not supporting it. often cache servers and traffic filters do not work with ssl, because ssl encrypts and do not go under the cache server.
      No I haven't purchased a dedicated IP. As it happens, Cloudflare supports both static and dynamic IPs. But that's by the by as I don't have, nor want SSL.

      My issue is not "how do I get Cloudflare (or any other service) to work with SSL?". My issue is I haven't bought an SSL certificate and I don't want it. Stablehost are telling me that I don't have SSL on my site. Yet third-party checks (such as what Cloudflare, whose free service is supposed to be compatible with my hosting plan, is doing at signup) are telling me that SSL is present on my site and checker services such as digicert.com and sslshopper.com are throwing up alerts along with messages such as:
      "None of the common names in the certificate match the name that was entered. You may receive an error when accessing this site in a web browser."

      So, bottom line: I have never bought an SSL certificate, don't want one and my site is not supposed to have it. But when checked I am being told that SSL has been found on my site. 1) Is this perfectly normal, to be expected and is nothing to worry about? and 2) if third-party checks are coming up with name-mismatch errors, does this imply that there could potentially be problems       for some people trying to access my site?

      If it's supposed to do what it's currently doing and there won't be any connectivity or false flag issues then fine.

      Thanks, guys, for your input and info. It's very much appreciated.
      Signature
      {{ DiscussionBoard.errors[9298107].message }}
      • Profile picture of the author David Beroff
        Oh. In that case, tell your host that you want this "feature" turned off, for the very reasons that you cite. Another good reason is that you don't want someone to publish the https: version of your URL, and then being forced to support that whenever you eventually change hosts in the future.

        If they can't or won't, and you're not ready to change hosts just yet, then at least use .htaccess to redirect everything appropriately, so as to reduce the chances that someone will think that you intend to keep https: active.
        Signature
        Put MY voice on YOUR video: AwesomeAmericanAudio.com
        {{ DiscussionBoard.errors[9298147].message }}
      • Profile picture of the author damoncloudflare
        Originally Posted by glennshep View Post



        Thanks David, I understand what SSL is for in principle, but thanks so much for taking the time to give that info. SSL isn't something I really need on any of my sites on this server right now so I've never concerned myself about it at all before.

        With Cloudflare, it's not that they don't support SSL. It's just that their free plan doesn't work on sites that have it. Not that I'm against paying for their paid plans, but I don't need anything more right now and, of course, I want to try it out first.
        I'm with Stablehost. I have to give them due praise for how quickly they respond to support tickets, but the actual quality of their customer service leaves a lot to be desireNo I haven't purchased a dedicated IP. As it happens, Cloudflare supports both static and dynamic IPs. But that's by the by as I don't have, nor want SSL.

        My issue is not "how do I get Cloudflare (or any other service) to work with SSL?". My issue is I haven't bought an SSL certificate and I don't want it. Stablehost are telling me that I don't have SSL on my site. Yet third-party checks (such as what Cloudflare, whose free service is supposed to be compatible with my hosting plan, is doing at signup) are telling me that SSL is present on my site and checker services such as digicert.com and sslshopper.com are throwing up alerts along with messages such as:
        "None of the common names in the certificate match the name that was entered. You may receive an error when accessing this site in a web browser."

        So, bottom line: I have never bought an SSL certificate, don't want one and my site is not supposed to have it. But when checked I am being told that SSL has been found on my site. 1) Is this perfectly normal, to be expected and is nothing to worry about? and 2) if third-party checks are coming up with name-mismatch errors, does this imply that there could potentially be problems         for some people trying to access my site?

        If it's supposed to do what it's currently doing and there won't be any connectivity or false flag issues then fine.

        Thanks, guys, for your input and info. It's very much appreciated.

        Sorry, I may have misunderstood what was happening. You're saying that you don't have SSL on the site & checks are showing SSL on the site? What's the domain in question here?
        Signature

        Damon
        CloudFlare Community Evangelist

        Tips for using WordPress with CloudFlare

        {{ DiscussionBoard.errors[9311257].message }}
  • Profile picture of the author damoncloudflare
    Originally Posted by glennshep View Post

    Hi guys,

    I wasn't sure what category I should post this in but figured that my question was probably most appropriate in this section.

    I have a few domains on a shared host and I have never purchased an SSL certificate for any of my sites. Now, I have been wanting to try out Cloudflare but when I go through the setup process I get a warning message that I have SSL on my site and that the free version of Cloudflare won't work on a site that has SSL, despite the fact that one of my host's selling points for the package I bought was that it connects with Cloudflare and that customers can use the free version.

    I checked my main site on a few SSL checking pages and each time the results tell me that an SSL certificate is there but the name doesn't match my domain name. The name it gives is that of my webhost.

    Now, here's the thing: is this normal and, is it something that I should have any concerns over?

    Trying to get a satisfactory answer out of my webhost is like banging my head against a brick wall. I just keep going around in circles with them and they are not giving me a straight answer. I have explained the Cloudflare issue to them and their reply was that they don't see SSL installed on my site and if Cloudflare insists on having SSL then I need to check with them why that is. No, the problem is that Cloudflare say that I should NOT have an SSL in order for me to be able to use their service! Unfortunately, this is a recurring problem I have with my host's customer support - I never get a simple, straight answer. They always try passing the buck and putting the onus on someone else to address any issues that come up.

    So I'm hoping that some kind, helpful Warrior who knows more about this stuff than I do can let me know if this issue is completely normal and nothing to be concerned over or if it's something that shouldn't be happening and I need to get sorted out. If it's perfectly normal then all is fine, however I'm just going around in circles with my host's customer support and not getting a straight answer.

    Thanks in advance!

    Glenn
    Using SSL currently requires upgrading to a paid plan for SSL to work properly, if the SSL is on the root domain or www.

    We will, however, move to making SSL free later this year.
    Signature

    Damon
    CloudFlare Community Evangelist

    Tips for using WordPress with CloudFlare

    {{ DiscussionBoard.errors[9311253].message }}
  • Profile picture of the author kpmedia
    You need to understand how the tech works.
    SSL is https, which is not the same as a "normal" website (http).
    It's not a simple matter of adding an 'S' on the URL.
    Those are technically two different sites. (And yes, you can run two sites, one http and one https!)

    Some of your confusion comes from trying to oversimplify things.

    Stablehost is an excellent host, with knowledgeable people. So rather than ask for something, and then think they're stupid when you get confusede -- listen to them! If it's confusing, ask more questions. They're an extremely newbie-friendly host, which you apparently are right now. That's fine, you'll learn, and they don't mind teaching you.

    Inversely, you may say something confusing to them, not knowing correct jargon/terms. So again, rather than think they're stupid, explain yourself again in another way.
    Signature
    FAQ: Need a Site5/Arvixe/Hostgator alternative? And who is EIG?
    Reviews:     Need a good VPS, dedicated server, or unlimited host? (This is NOT a fake "top 10" list!)
    {{ DiscussionBoard.errors[9311512].message }}
    • Profile picture of the author David Beroff
      Originally Posted by kpmedia View Post

      Some of your confusion comes from trying to oversimplify things.
      With all due respect, I don't think he's oversimplifying, KP. Glenn's most recent post does clearly state (with emphasis added by me):

      Originally Posted by glennshep View Post

      My issue is not "how do I get Cloudflare (or any other service) to work with SSL?". My issue is I haven't bought an SSL certificate and I don't want it. Stablehost are telling me that I don't have SSL on my site. Yet third-party checks (such as what Cloudflare, whose free service is supposed to be compatible with my hosting plan, is doing at signup) are telling me that SSL is present on my site and checker services such as digicert.com and sslshopper.com are throwing up alerts along with messages such as:
      "None of the common names in the certificate match the name that was entered. You may receive an error when accessing this site in a web browser."

      So, bottom line: I have never bought an SSL certificate, don't want one and my site is not supposed to have it. But when checked I am being told that SSL has been found on my site.
      Signature
      Put MY voice on YOUR video: AwesomeAmericanAudio.com
      {{ DiscussionBoard.errors[9311638].message }}
  • Profile picture of the author kpmedia
    It sounds like CloudFlare is attempting to access an https:// on the IP, as opposed to http://site. Right now, I'd contact CloudFlare for clarification on what's going on, not the host. Not yet anyway.
    Signature
    FAQ: Need a Site5/Arvixe/Hostgator alternative? And who is EIG?
    Reviews:     Need a good VPS, dedicated server, or unlimited host? (This is NOT a fake "top 10" list!)
    {{ DiscussionBoard.errors[9311673].message }}
    • Profile picture of the author glennshep
      Originally Posted by kpmedia View Post

      You need to understand how the tech works.
      SSL is https, which is not the same as a "normal" website (http).
      It's not a simple matter of adding an 'S' on the URL.
      Those are technically two different sites. (And yes, you can run two sites, one http and one https!)

      Some of your confusion comes from trying to oversimplify things.
      Yes I am very well aware that it's not a case of simply adding an "s" onto the end and that you can have both an http and an https site.

      Originally Posted by kpmedia View Post

      Stablehost is an excellent host, with knowledgeable people. So rather than ask for something, and then think they're stupid when you get confusede -- listen to them! If it's confusing, ask more questions. They're an extremely newbie-friendly host, which you apparently are right now. That's fine, you'll learn, and they don't mind teaching you.

      Inversely, you may say something confusing to them, not knowing correct jargon/terms. So again, rather than think they're stupid, explain yourself again in another way.
      A tad presumptuous, no?

      I don't think Stablehost's people are stupid when I get confused (not that any confusion on my part is the issue). What I don't like is when anyone replies with dismissive 'It's not our fault you're having such and such a problem, everything's fine here' type of responses rather than actually take the time to either properly look into an issue or properly explain something.

      Respectfully, although I don't know the inner workings of SSL, which I openly acknowledge (I have never had any reason to use it or learn about it), I am far from being a newbie. But I recognise what I don't know and when I don't, I ask questions. When I ask questions I expect a proper reply, not just a generic one-sentence reply that smacks of "I can't be bothered", which is what I have received both with this and past issues (incidentally, I'm not alone in this).

      As for learning from them, well, the previous issue I had with them, involved ME having to tell THEM where the issue lay, despite their insistence as usual that no, they were right and that the problem must have been someone else's fault. It was only after contacting a third-party platform who confirmed what I had been saying all along and then relaying that information to the host, that I saw the issue finally fixed.

      Anyway, I don't want this to turn into a Stablehost bashing thread - that's not the point. All I wanted to know, bottom line, is whether or not it is normal and therefore nothing to worry about, for an SSL check to be flagging warnings that my site has an SSL certificate when it doesn't and for there to be warnings about a domain name mismatch because my host's certificate is being found when my site is being checked. A simple question that Cloudflare's excellent Customer Service kindly answered and explained for me promptly, professionally and without any hassles.

      Thanks to everyone for taking the time to offer their input.
      Signature
      {{ DiscussionBoard.errors[9321419].message }}

Trending Topics