Bad SSL Redirection

Hi, guys

I’m noticing something strange: I have a site where SSL is DISABLED; however, Cloudflare is redirecting to HTTPS.

For testing, I created a DNS entry with a random IP at the end, and even then, it pointed to HTTPS, confirming that it is something in Cloudflare.

The domain is:
palomacetko10.xyz

Test #1 (Where I pointed to a random IP):
teste1.palomacetko10.xyz

Test #1 (Where I configured it to not go through Cloudflare’s DNS):
teste2.palomacetko10.xyz

Comments:

  • I noticed that the problem only occurs in Google Chrome (I don’t know why); in other browsers this redirection does not occur
  • Tested in different cities, with different ISPs, same problem
  • Within Cloudflare, HSTS is not active

Hello

I also noticed that, in Chrome, I get a different response from other browsers.

Cross-Origin-Resource-Policy: Cross-Origin
Location: /www.palomacetko10.xyz/index.php
Non-Authoritative-Reason: DNS

Or rather the Chrome browser due to the “HTTPS-only” option being “forced” and/or enabled “by default”, recently :thinking:

May I ask have you tried using a different Web browser, or tried clearing your Web browser cache?
How about using a Private window (Incognito mode) or a VPN connection if possible?
Is it the same behaviour on your mobile phone (4G LTE, mobile data, cellular)?

It opens on HTTP for me, Cloudflare proxied.

It opens on HTTP for me, not proxied.

I got the Connection timeout 522 error.

May I ask if you are using Page Rules to achieve this, or? :thinking:

The “Always Use HTTPS” and the “Automatic HTTP Rewrites” options both are disabled at CF dashboard? :thinking:

Hello

There is nothing connected to active SSL. I even removed the certificate that Cloudflare had generated (via the API, I deleted the certificate); now, when I access the site, I am redirected to HTTPS with:
ERR_SSL_VERSION_OR_CIPHER_MISMATCH

I don’t understand how it can be redirected to HTTPS without having an active SSL.

I have already cleared the browser cache and DNS cache, tested another DNS server, and updated my Chrome; however, the problem continues exclusively in Chrome.

The only thing different is the response when having access without ssl:
Non-Authoritative-Reason: DNS

It looks like SSL is now disabled.

Hello people

I found out how to solve it.
What I’ve identified is that when there is a generated certificate, Chrome identifies it and redirects, even if no redirect is configured.

To solve it, I made a PATCH to:
/client/v4/zones/XXXXXXXXX/ssl/universal/settings

With Payload:
{
  "enabled": false
}

A few minutes later the certificates (Main and Backup) are deleted, and after about 10~15 min the site automatically stops redirecting.
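
To tell a redirect the browser synthesized from one that Cloudflare or the origin actually sent, captured response headers can be triaged as below. This is an added example, not part of the original posts; it assumes the `Non-Authoritative-Reason` header quoted in the thread marks a response generated inside Chrome, and the sample captures, `parse_response` and `classify_redirect` are constructed for illustration.

```python
"""Triage an http->https redirect from response headers copied out of DevTools."""

# Constructed sample captures (placeholder host and ray id, not the thread's site).
CHROME_CAPTURE = """\
HTTP/1.1 307 Internal Redirect
Location: https://example.test/
Non-Authoritative-Reason: DNS
Cross-Origin-Resource-Policy: Cross-Origin
"""

EDGE_CAPTURE = """\
HTTP/1.1 301 Moved Permanently
Location: https://example.test/
Server: cloudflare
CF-RAY: 0000000000000000-XXX
"""

NO_REDIRECT_CAPTURE = """\
HTTP/1.1 200 OK
Server: cloudflare
"""


def parse_response(raw):
    """Split a raw response head into (status_code, lower-cased header dict)."""
    lines = [ln.strip() for ln in raw.strip().splitlines() if ln.strip()]
    status = int(lines[0].split()[1])
    headers = {}
    for line in lines[1:]:
        name, _, value = line.partition(":")  # split at the first colon only
        headers[name.strip().lower()] = value.strip()
    return status, headers


def classify_redirect(raw):
    """Return 'browser:<reason>', 'server', or 'none' for one captured response."""
    status, headers = parse_response(raw)
    location = headers.get("location", "")
    if not (300 <= status < 400 and location.lower().startswith("https://")):
        return "none"  # not an upgrade to HTTPS at all
    reason = headers.get("non-authoritative-reason")
    if reason:
        # Assumption: this header means the browser generated the response
        # itself, so no request reached Cloudflare or the origin.
        return "browser:" + reason
    return "server"  # a redirect that really came back over the network
```

A `browser:` result points at browser-side upgrade logic rather than a Page Rule or the “Always Use HTTPS” setting, which would show up as `server`.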
