OK @LeeH, I don’t think that either of these solutions are right for you. You said that the SSL was working fine but on routes where you’re connecting to MySQL you have a problem? That points towards the MySQL configuration, not SSL.
If this were a dev environment issue I’d be stepping through with XDebug to see where it’s failing, but this is a production environment (presumably) so that’s out. The alternative is to turn up your debug/error-reporting level and ensure that you’re logging lots of detail. I would definitely recommend that you try this out. Check your PHP error logs as well. Check the PHP config if you’re not sure where to find them. They’re often in /var/log IIRC, though this can be configured in your php.ini and viewed with a
As an aside, I’d still like to drop some points in about why the other suggestions may be bad for anyone who is considering adding SSL to their apps, however:
As a general rule, don’t use Cloudflare for SSL. The SSL terminates at their platform and the rest of the way is unsecured. If you’re carrying any sensitive data then this should be immediately ruled out. It wouldn’t be so bad if they were in the same datacentre, but they’re not. If you’re just doing SSL for SEO then it probably doesn’t matter, but if you’re handling PII or credit card data then don’t use Cloudflare under any circumstances.
There are some AWS-related caveats with SSL that catch people out occasionally:
First off, are you using an Elastic Load Balancer? If so then they do something similar to Cloudflare and the SSL usually terminates at the LB. The web server on your instance can’t tell that you’re using HTTPS in the usual way. This is a better solution than Cloudflare because the ELB is in the same datacentre and if you’re using the Virtual Private Cloud then your data should be fairly safe in transit around their platform. It is NOT as secure as having the certificate installed directly on your server, but it’s almost as good.
Secondly, Cloudflare is a CDN, and AWS has one of those, too. It’s called CloudFront, and if you don’t want to use an Elastic Load Balancer then you can simply put a CloudFront distribution in front of your EC2 instance and have a free Amazon Certificate Manager SSL certificate applied to the distribution. This has the added benefit of providing edge locations around the world that will cache assets on your site and speed up access for your users. We’ve used it on many of our sites and have had sites that Alexa ranks in the top 10% of the fastest sites in the world, despite heavy use of graphics
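
An added example, not part of the post above: when SSL terminates at an Elastic Load Balancer, PHP on the instance sees plain HTTP, so the app has to read the `X-Forwarded-Proto` header the balancer adds, and should only believe it when the connection really comes from the balancer. The function names and the subnet values are assumptions made for illustration (IPv4 only, 64-bit PHP).

```php
<?php
declare(strict_types=1);

// Assumption: the load balancer's subnets inside the VPC (constructed sample values).
const TRUSTED_PROXY_CIDRS = ['10.0.1.0/24', '10.0.2.0/24'];

/** True when an IPv4 address falls inside a CIDR block. */
function ipv4_in_cidr(string $ip, string $cidr): bool
{
    [$subnet, $bits] = explode('/', $cidr) + [1 => '32'];
    $ipLong = ip2long($ip);
    $subnetLong = ip2long($subnet);
    $bits = (int) $bits;
    if ($ipLong === false || $subnetLong === false || $bits < 0 || $bits > 32) {
        return false;
    }
    $mask = $bits === 0 ? 0 : (~0 << (32 - $bits)) & 0xFFFFFFFF;
    return ($ipLong & $mask) === ($subnetLong & $mask);
}

/** Decide whether the client's request arrived over HTTPS; $server is shaped like $_SERVER. */
function request_is_https(array $server, array $trustedCidrs = TRUSTED_PROXY_CIDRS): bool
{
    // Certificate installed directly on this server: PHP sets HTTPS itself.
    if (!empty($server['HTTPS']) && strtolower((string) $server['HTTPS']) !== 'off') {
        return true;
    }
    // Believe the forwarded header only when the TCP peer is the load balancer;
    // any client can send X-Forwarded-Proto on its own.
    $peer = (string) ($server['REMOTE_ADDR'] ?? '');
    foreach ($trustedCidrs as $cidr) {
        if (ipv4_in_cidr($peer, $cidr)) {
            $proto = strtolower(trim((string) ($server['HTTP_X_FORWARDED_PROTO'] ?? '')));
            return $proto === 'https';
        }
    }
    return false;
}

// Constructed sample requests, not captured traffic.
$samples = [
    'via LB, https'  => ['REMOTE_ADDR' => '10.0.1.15', 'HTTP_X_FORWARDED_PROTO' => 'https'],
    'via LB, http'   => ['REMOTE_ADDR' => '10.0.2.40', 'HTTP_X_FORWARDED_PROTO' => 'http'],
    'spoofed header' => ['REMOTE_ADDR' => '203.0.113.9', 'HTTP_X_FORWARDED_PROTO' => 'https'],
    'direct TLS'     => ['REMOTE_ADDR' => '203.0.113.9', 'HTTPS' => 'on'],
];
foreach ($samples as $label => $server) {
    printf("%-16s %s\n", $label, request_is_https($server) ? 'https' : 'not https');
}
```

The same check is what keeps redirect-to-HTTPS logic and secure-cookie flags from misfiring behind the balancer, and it only holds if the instance's security group accepts web traffic from the balancer alone.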