My web hosting company don’t support subdomain SSL certificates. And because Google’s Chrome in July is required HTTPS on all websites (otherwise you get an error your website isn’t safe) I had some deadline to make my blog HTTPS. Cloudflare is a nice reverse proxy solution and the basic plan is free to use also.
So what I did was create a cloudflare account and put my website behind it. After I did that I forced the HTTPS and voila my website was HTTPS. The steps you must take.
Note: this trick will also work if you want to use cloudflare as a reverse proxy to prevent DDoS, to optimize your site security, hide your hosting party backend and make your website a lot faster. If you use a raspbery Pi for example at your home location you can put cloudflare between the visitor and your home IP and save you a lot of trouble.
- If you use the wordfence plugin also be sure your PHP version is higher than 5.6. Otherwise you get some errors and conflicts (more info)
- Go to cloudflare an create an account
- Configure your DNS
- (temporary) disable your DNSSEC at you domain if that is enabled (cloudflare cannot succesfully transfer your DNS otherwise). For me I had to create a ticket with my domain register company
- Cloudflare give you 2 new name servers. Ask your domain registry company to change these DNS name servers if you can change it by yourself
- After a succesfull DNS nameserver change cloudflare shows in the portal everything is ok:
- Now install the wordpress cloudflare plugin
- Fill in your username and API key.
- You can find the Global API key in your cloudflare profile @ https://www.cloudflare.com/a/profile
- Optimize your cloudflare for wordpress in the cloudflare wordpress plugin and enable HTTPS rewrites
- Now edit your url in the settings >general in your wordpress
- And finaly go to cloudflare and enable always uses HTTPS under crypto
Now everything is done and your website is fully HTTPS at the frontend (with automatic HTTP > HTTPS URL rewrites). Because my backend don’t have an SSL certificate all the data between cloudflare and my hosting company is still unencrypted. So this is a nasty workaround but you don’t have any problem with Chrome HTTPS problems in the near future anymore.