Got SSL with Cloudflare but website still shows up as HTTP

I’ve just built my first site with SSL encryption courtesy of Cloudflare but the site still shows up as HTTP:// when you view it unless you physically type in HTTPS://

Is there a fix for this? The site is of importance to its owner so I’m reluctant to experiment too much in case I screw something up.

You will need to redirect with an .htaccess file.
Here is a sample .htaccess file:

# .htaccess to remove www and redirect to https; replace yourdomain with the domain needed
RewriteEngine On
RewriteCond %{HTTP_HOST} ^www\.(.*) [NC]
RewriteRule ^(.*)$ https://%1/$1 [R=301,NC]
RewriteCond %{SERVER_PORT} 80
RewriteRule ^(.*)$ https://yourdomain/$1 [R=301,L]

You can also do this within Cloudflare; you will need to check out their help area.

You will need to check with your host as to where to place the .htaccess file.
Take care testing all redirects. You may want to replace the r=301 (2 of them) with r=302 until you have tested completely.
Return code 301s are permanent redirects, so they will get cached.


Hi Doug,

Thanks for this - now the page won’t load though, “too many redirects”…

Any further suggestions? I’m on my knees here.

Did you do the redirects with the .htaccess or Cloudflare?
From the message it sounds like you are using Safari?
Did you use the r302?
Do you have any other redirects?

If you used .htaccess, rename it and clear your cache to set it back to the way it was. Also reset Cloudflare.
Some print outs of what you have and a URL might help us debug.
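
A port-based rule like the one in the sample .htaccess can produce "too many redirects" when a proxy terminates TLS and talks to the origin over plain HTTP. The following is an added example, not from any poster in this thread; it assumes Cloudflare is proxying in that way (its "Flexible" SSL mode) and uses yourdomain as a placeholder.

```apache
# Added example (not from the thread). Assumption: Cloudflare terminates TLS
# and forwards every request to this origin over plain HTTP on port 80.
# "yourdomain" is a placeholder.

RewriteEngine On

# Port-based test, shown commented out for comparison:
# behind such a proxy Apache sees port 80 even when the visitor used HTTPS,
# so the condition is true on every request and the redirect never stops.
# RewriteCond %{SERVER_PORT} 80
# RewriteRule ^(.*)$ https://yourdomain/$1 [R=302,L]

# Header-based test: the proxy reports the visitor's scheme in
# X-Forwarded-Proto, so redirect only when that scheme was http.
RewriteCond %{HTTP:X-Forwarded-Proto} =http
RewriteRule ^(.*)$ https://yourdomain/$1 [R=302,L]

# Requests that reach the origin directly (no proxy header) over plain HTTP
# are redirected as well; requests already on HTTPS are left alone.
RewriteCond %{HTTP:X-Forwarded-Proto} ^$
RewriteCond %{HTTPS} !=on
RewriteRule ^(.*)$ https://yourdomain/$1 [R=302,L]

# R=302 is kept while testing, as suggested above; switch to R=301 only
# after the redirects have been checked in several browsers.
```

Use either this or a Cloudflare-side redirect, not both pointing at different hosts, and clear the browser cache before retesting.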

OK, there is a common misconception about using a .htaccess file to redirect to https://. I found this out by going to Apache IRC and asking a while back as I was attempting the same thing (and it wasn’t working). I’ve never used Cloudflare so I'm unsure what you need to do in a more specific way. Are you hosting your own server? If not, who is the web hosting company?

The proper command entered in a configuration file for Apache (if Linux) is:
Redirect permanent / https://your_domain/
If running more than one domain then there would be one http:// configuration file where the command should reside and another for the actual https:// domain.

My suggestion would be to contact your web hosting company and ask them how to enter the Redirect command.

You may set up a Cloudflare page rule; mine looks like this:

Just a simple ask, but did you add HTTPS “(settings) (general)” web address? Always check the simple things first.

Hi all, thanks for coming to the rescue. Yeah, in the end I stumbled upon the stupidly simple page rule options on Cloudflare which sorted it out instantly and awesomely.

Thanks Doug, yeah I was using Safari but Chrome had an issue with it too. Interestingly Firefox was fine and yeah I used r302.

I contacted the host first but they had no clue, they re-edited the .htaccess file a little bit and error404d the site and then said “whoops well we don’t know what we’re doing - you’re on your own - bye”. LOL

But yeah, more thumbs up for Cloudflare and you guys. Thanks for being awesome.

This is the solution, as I had the same challenge.

100 points for you… Before enforcing https you should check your site in different browsers first. Some browsers will show warning popups when scripts, fonts or components are loaded over unencrypted connections. Some Webs I must publish locally and search & replace every http:// to https:// globally using Coda2. @dan if you’re reading this thread, maybe this could be a new feature in future versions? Kinda publishing post-processor? Searching and replacing strings? Would be helpful for me.
