I recently needed to upgrade an existing wordpress site to SSL/https:.
This was made more complicated by the fact that it was on a shared hosting server, AND used cloudflare CDN.
This should have been simple:
Except it didn’t work.
I couldn’t get it to reliably use https:// or redirect http://website.com or http://www.website.com
Eventually, after raising tickets with Cloudflare and The hosting company, I found a plugin called “Really Simple SSL”.
This configured wordpress to use https AND rewrote the htaccess file to do the redirects. In the end I had to manually edit the file as my htaccess file is secured, but at least they gave me the code to do that.
I left the cloudflare CDN SSL setting as “flexible”, as anything else caused problems.