502 Bad Gateway with Full SSL and redirect loop with Flexible SSL

Hello Cloudflare Community members! I have been trying to fix the issue for the last 6 hours.

Domain: ***
SSL: Issued by Sectigo Limited and valid, it did work before adding the site to CF.

Problem: If I use Full or Full (Strict) SSL on CF, the site displays 502 Bad Gateway. I have tried to install Cloudflare Origin CA but the problem doesn’t go away. I have tried disabling CF completely by changing the nameservers back to pre-CF and the website worked fine.

I could use Flexible SSL but then if I force HTTPS via CF (either a page rule or the setting in Crypto) it creates a never-ending redirect loop. .htaccess doesn’t have any HTTP->HTTPS redirects.

The only solution is now to use Flexible SSL with optional SSL but I want to only have HTTPS traffic.

Could someone please help with this issue?

It sounds like your website isn’t responding on Port 443 (HTTPS)

Go to Cloudflare DNS and set that host to :grey: and see if you can connect to the site with HTTPS. Does that work?

There is a plugin, Cloudflare flexible ssl (not written by Cloudflare but by a third party). After that you can resolve this redirect loop when using flexible SSL.

I set the host to :grey: and now I can connect with HTTPS. Previously I changed nameservers back to private ns and it worked with HTTPS and the certificate was valid.

How should I troubleshoot this problem?

That’s good so far, so it’s strange it’s not responding. Here are some general tips, but I’m not sure any apply. Maybe your web host can investigate what’s happening to the Cloudflare connections.

I agree that it is strange.

On a side note: with Flexible SSL it works. It’s just a redirect problem when I try to force all traffic through HTTPS in CF control panel, however I don’t have any redirects on the server. The website is custom written, no Wordpress. There is a “Community Tip” topic regarding the redirects, but unfortunately none of it applies.

That redirect issue is weird, also, since your site works fine on HTTP.

As you troubleshoot this, you can open a ticket:
Log in to Cloudflare and then contact Cloudflare Support

I noticed in the server error logs there is the following error:

SSL_do_handshake() failed (SSL: error:14077410:SSL routines:SSL23_GET_SERVER_HELLO:sslv3 alert handshake failure

Does it mean that Cloudflare is connecting with SSLv3 or that my server’s software is too old?
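Decoding the error code in the log line quoted above, as an added example that is not part of the original thread: in the 8-hex-digit codes written by OpenSSL 1.x, the library, function and reason numbers are packed together, and SSL reasons in the range 1000 to 1255 are 1000 plus the TLS alert number received from the peer. The names `decode_openssl_error` and `TLS_ALERTS` are chosen here for illustration.

```python
import re

# Matches "error:<8 hex digits>:<library>:<function>:<reason text>" (OpenSSL 1.x style).
ERR_LINE = re.compile(r"error:([0-9A-Fa-f]{8}):([^:]*):([^:]*):([^:)\n]*)")

ERR_LIB_SSL = 20             # OpenSSL library number for "SSL routines"
SSL_AD_REASON_OFFSET = 1000  # reason = 1000 + TLS alert number sent by the peer

# Subset of TLS alert descriptions (RFC 5246, section 7.2).
TLS_ALERTS = {
    10: "unexpected_message", 20: "bad_record_mac", 40: "handshake_failure",
    42: "bad_certificate", 46: "certificate_unknown", 48: "unknown_ca",
    70: "protocol_version", 71: "insufficient_security",
    80: "internal_error", 112: "unrecognized_name",
}

# The log line as quoted in the thread (it is cut off there, without a closing bracket).
SAMPLE = ("SSL_do_handshake() failed (SSL: error:14077410:SSL routines:"
          "SSL23_GET_SERVER_HELLO:sslv3 alert handshake failure")


def decode_openssl_error(line):
    """Split an OpenSSL 1.x error code into lib / func / reason and name the peer alert."""
    m = ERR_LINE.search(line)
    if m is None:
        return None
    code = int(m.group(1), 16)
    lib, func, reason = code >> 24, (code >> 12) & 0xFFF, code & 0xFFF
    alert = None
    if lib == ERR_LIB_SSL and SSL_AD_REASON_OFFSET <= reason <= SSL_AD_REASON_OFFSET + 255:
        alert = reason - SSL_AD_REASON_OFFSET
    return {
        "lib": lib, "func": func, "reason": reason,
        "func_name": m.group(3), "reason_text": m.group(4).strip(),
        "peer_alert": alert,
        "peer_alert_name": TLS_ALERTS.get(alert),
        # Only a TLS client waits for a ServerHello, so this routine name
        # means the process that wrote the log was the connecting side.
        "logged_by_tls_client": "GET_SERVER_HELLO" in m.group(3),
    }


if __name__ == "__main__":
    for key, value in decode_openssl_error(SAMPLE).items():
        print(f"{key}: {value}")
```

The decoded alert is 40 (handshake_failure): "sslv3 alert handshake failure" is OpenSSL's fixed name for that alert code, so the text says the peer refused the handshake and does not by itself say which protocol version was offered.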

That is not real SSL, I am afraid, but still connects via HTTP, and you shouldn’t be using it, but only one of the two Fulls.

Would you feel comfortable to reveal your server’s IP address here? If not, you could also run it through sitemeer.com and post here at what time you checked.
