Cloudflare redirects to https then back to http

Can anyone please help me with requests to my site being caught in an infinite redirect loop? As far as I can tell, my SSL/TLS encryption mode is off. Under my DNS settings, I am redirecting to one of Heroku’s servers, but I don’t (think I) have SSL set up there. When I look at my requests in Google Chrome, my first request looks like:

and then it’s immediately followed by a request that looks the same only from https to http. (I can’t include a screenshot because I’m only allowed to put one image in a post.) I’m assuming that these redirects are coming via Cloudflare because the server field in both requests is “cloudflare”. Does anyone know how to get out of this infinite loop? Thank you very much.

If a request goes through CF, it will say CF regardless. Chances are the redirect is your server itself redirecting HTTPS to HTTP; this might be done by your hosting provider if you don’t run on a dedicated server and don’t pay them for SSL, or if your software is hard-coded for http and redirects HTTPS back.

I’m not paying Heroku for SSL, so I guess that makes sense. But then how do I get Cloudflare to stop redirecting to https in that case? I have it turned off in the SSL/TLS control panel?

This looks like the other way around. CF redirecting to HTTP, origin forcing HTTPS?

If SSL Encryption mode is Off, Cloudflare will redirect any requests over HTTPS back to HTTP.

You don’t need a paid plan on Heroku. It’s been a long time since I used Heroku, but the documentation says you can use a * cert for nothing. So long as Heroku allows you to make requests for your custom hostname even on an invalid Certificate name, this should be fine. Not ideal, but it will work if you are unwilling to use a paid plan on Heroku that generates a real certificate automatically.

It is worth setting SSL mode to Full, and seeing if that resolves the issue.

1 Like

I set the SSL mode to full and now I’m getting a 525 error when I go to my site.

There’s this on Heroku’s support site, so I’m going to try generating a Cloudflare SSL certificate and then uploading to Heroku.

This topic was automatically closed after 30 days. New replies are no longer allowed.