Hello
I have tried flexible SSL settings - currently on Full with a Letsencrypt cert on the server - but my web app does not load - I can see the requests on the server - there are no errors in the logs - no HTML is returned.
Any ideas?
Thanks in advance
That is generally not a good idea as that legacy mode (together with Full) will not only drop all encryption from your site but will also break your site.
For starters, switch to Full Strict and verify if the site loads fine. If it does not, pause Cloudflare to verify if the site loads without Cloudflare. If it does not, you need to contact your host.
So when I do this (with LE cert on the server) my php file with phpinfo() call no longer loads - with flexible settings AND no LE cert on the server the phpinfo file works.
However the main app does not work at all its like index.php is not handling the requests for pretty URL handling like going to /user/login etc etc
Thanks Sandro for getting back - and sorry for late reply
That suggests your server is not properly configured.
Keep Cloudflare paused until the site loads fine on HTTPS and talk to your host (or whomever is responsible) to fix the site. Once it loads fine on HTTPS you can unpause and will also work on Cloudflare.
I have paused CF now - the server was working fine prior to enabling CF - Im testing on my demo app at the moment - so w/CF paused the site comes back and I get my login page for the app
On HTTPS?
Sorry yeah meant to confirm w/LE cert
What’s the URL?
I have full (strict) on pause will I un-pause CF?
Sure.
Do you have any IP rules in place on your server?
I dont
CF un-paused and you can now see the login page is blank 
Yeah, I do get a blank page as well, however based on the response headers, that should still be served by your server. There was recently a similar posting, where the user also had an issue with the origin serving different content and that was apparently an issue with the server configuration. After restarting it worked fine.
I would try restarting the service, if that still does not work, you’ll need to go through the server logs.
The issue seems to be limited to the “demo” host. Do you possibly have any load balancer or some similar traffic management?
Nope no TM or LB setup - I rebooted the server still same - no errors in logs and can see the requests in apache access - even bogus requests return 200 response
If the requests reach your server, it’s definitely a server issue. I am afraid you can only debug the Apache and PHP setup. Cloudflare sends the same host header, so it should reach your virtual host. Apart from that, it could only be that your code does not like the Cloudflare IP addresses or something about the headers.
Sandro - thanks for your help and time really appreciate it - I’ll keep on debugging -
What I do notice is the responses with a blank page do not have the PHP session cookie, so maybe Apache does not even pass it to PHP.
Oh good observation - I have disabled CF again to test the SSL on the server and its A rated according to SSL labs - going to un-pause and continue
SSL is not the issue, your server has a valid setup, just make sure you have Full Strict selected.
The issue here will be something either with your Apache setup or the PHP code. Either it does not like the Cloudflare IP addresses (rate limiter?) or something about the headers, but unfortunately that you can only determine with good old debugging 