Brand New User - All Sorts of Problems

cache

#1

Hi Everyone, hoping you can help sort me out.

We’re testing the product today to see if it’s something we want to extend to our customers; so far it’s left me very confused.

  1. After we migrated our DNS records to Cloudflare we began getting all sorts of SSL errors for an invalid certificate. There is a valid certificate installed in IIS so I can only imagine this was due to Cloudflare attempting to use one of its own certificates. We disabled the Encrypted communication on the Crypto tab and that problem seems to have cleared up.

  2. Now we’re getting a “too many redirections” error. Something is causing the page to get hung up in a loop when it loads which prevents it from resolving in a browser. We have no page rules set up and I can’t find any other settings that would cause Cloudflare to redirect multiple times. We haven’t changed anything at the website level and it still resolves just fine via the IP address (after adding a security exception for a mismatched cert).

Can anyone help with the second issue?

Brad


#2

If you were using “SSL (strict)”, chances are the certificate isn’t from a CA listed in the ca-certificates package or the Cloudflare Origin CA, or it’s expired. If your certificate is not valid, you should at least use “Full” SSL so that the connection between Cloudflare and your origin server is secure.

This is likely due to the SSL section being set to “flexible”. When SSL is flexible, the connection between CF and your origin is http:// (this is a legacy feature in order to support origin servers that don’t have any SSL certificate whatsoever), meaning that if your actual origin server tries redirecting http to https, it will cause a redirect loop.

I suggest trying to set it to “Full” or “Full (strict)” SSL again and seeing if your site becomes accessible. If you continue to experience actual errors regarding SSL, post the error here.
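
The loop described in this reply, as an added example that is not part of the original thread: a constructed model (no real traffic) of an origin that 301s HTTP to HTTPS, placed behind an edge in Flexible versus Full mode. The host name and all function names are assumptions made for illustration.

```python
from urllib.parse import urlsplit

def edge_to_origin_scheme(ssl_mode, visitor_scheme):
    """Scheme the edge uses toward the origin for the SSL modes named in the thread."""
    if ssl_mode == "flexible":
        return "http"              # edge always talks plain HTTP to the origin
    if ssl_mode in ("full", "full_strict"):
        return visitor_scheme      # strict differs only in certificate validation (not modelled)
    raise ValueError(f"unmodelled SSL mode: {ssl_mode}")

def origin_response(scheme, host, path):
    """Hypothetical origin that 301s every plain-HTTP request to its HTTPS URL."""
    if scheme == "http":
        return 301, f"https://{host}{path}"
    return 200, None

def browse(url, ssl_mode, max_redirects=20):
    """Follow redirects as a browser would; return (outcome, hops)."""
    seen, hops = set(), []
    while len(hops) < max_redirects:
        if url in seen:
            return "redirect loop", hops
        seen.add(url)
        parts = urlsplit(url)
        origin_scheme = edge_to_origin_scheme(ssl_mode, parts.scheme)
        status, location = origin_response(origin_scheme, parts.netloc, parts.path or "/")
        hops.append((url, origin_scheme, status))
        if status != 301:
            return "ok", hops
        url = location
    return "too many redirects", hops

if __name__ == "__main__":
    # Constructed sample URL; www.example.com stands in for the real site.
    for mode in ("flexible", "full"):
        outcome, hops = browse("http://www.example.com/", mode)
        print(f"{mode}: {outcome}")
        for visitor_url, origin_scheme, status in hops:
            print(f"  visitor {visitor_url} -> origin over {origin_scheme} -> {status}")
```

In the Flexible run the origin never sees an HTTPS request, so its own 301 keeps sending the visitor back to the URL it is already on.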


#3

We actually turned it off entirely since the website itself handles 301 redirects to ensure a secure URL is used. On the Crypto tab, SSL is set to “Off” which means it shouldn’t be doing anything, right?

Is it possible that the CDN is causing the issues?

YNWA


#4

Since the CDN sits in front of the server, it can’t use the certificate sent by the server to encrypt its own connection to the user.

CF will use its own “universal SSL” certificate (or a dedicated certificate) to encrypt the browser <-> CDN connection. Try setting full/full strict and see if it works.


#5

Thanks, that seems to have sorted it. No idea why it would start working now and it didn’t earlier today? Perhaps it takes time for CF to issue a valid certificate and we were waiting for that process to complete?


#6

It does take time for the SSL to be authorized; other times there may be delays in sending out the certificate to all 155+ datacenters. Glad it’s working now.