Completely Bricked Site

Hello!

I had a Flexible SSL on my WordPress site. When trying to customize under the Appearance tab, I would get an error that there were too many redirects.

I had an aesthetic issue with my site, so I decided to deactivate all my plugins and activate one by one to figure out what was causing the issue. This caused me to become completely locked out / bricked with the Redirect error loop.

I logged in to CF to change from Flexible to Full, which may have caused a certificate issue. I tried going back to Flexible and now I get the error in two different browsers:

This site can’t provide a secure connection

terricaskaggs.com sent an invalid response.

ERR_SSL_PROTOCOL_ERROR

My current SSL status is:

Universal SSL Status Active Certificate

Can anyone point me in the right direction please?

Your site appears to be set to :grey:, not :orange:… So SSL is not enabled.

Do you have an SSL cert on your server or can you get one? You should and then set the mode to Full.

Hi domjh!

Thanks so much for responding. I think I was trying (and failing) to switch back and forth between :grey: and :orange:, to no avail with either. I don’t believe I have an SSL cert; I was using CF for that.

How should I go about that?

For SSL to work, it should be set to :orange:.

Ref. SSL Certificates, the modes are explained below.

Flexible

The connection between your visitor and Cloudflare is secured, but the connection between Cloudflare and your server is not. You will not need a certificate on your server for this mode. This option is NOT RECOMMENDED if you have any sensitive data processed through your site.

Full

The connection is secured between your visitor and Cloudflare and Cloudflare and your server. Your server will need to be configured to accept HTTPS connections and have a certificate.

Flexible is not recommended and should be avoided.

You should contact your web host about getting an SSL certificate on your server. They may support automatic Let’s Encrypt certificates. Alternatively, they may allow you to install your own certificate; you can generate one under Origin Certificates in the SSL/TLS app of your Cloudflare dashboard.

I was having the same issue for one of my domains: too many redirects if I enable “always use https”… even when cloud was enabled and cert showed active. It took a couple of days for the cert to regenerate. Also the certificate was showing invalid for domain, hence I would get insecure warnings. Now I have another domain for which I have been waiting for the certificate to generate for 5+ days now.

Try disabling “always use https” and see what error you get. Basically it’s trying to redirect you to a secure site over and over and fails.
Test using InPrivate mode to avoid caching issues.

Generally it is because the server redirects http to https but as CF is using Flexible, it connects over http.

This is one of the reasons why I suggested getting a certificate installed and switching to Full.

Hi @gbtota!

Thanks so much! I did disable the always use https, as well as set it to :orange: and now get:

This page isn’t working

terricaskaggs.com redirected you too many times.

ERR_TOO_MANY_REDIRECTS

I’m guessing this is where I do what @domjh suggests and switch to full and find a certificate to upload.

Yes, it is often Flexible that can cause a loop.

https://support.cloudflare.com/hc/en-us/articles/115000219871-Why-does-Flexible-SSL-cause-a-redirect-loop-

See if your host can help with installing a certificate :slightly_smiling_face:

Right, I had a valid certificate on the server; it’s the Cloudflare certificate that was showing as invalid. Also, Flexible should not be using a certificate when talking to origin as far as I can tell from your diagram. So only the Cloudflare certificate is in play here.

https://support.cloudflare.com/hc/en-us/articles/200170416-What-do-the-SSL-options-mean-

@Gabber, I have responded in your original thread for your issue.

No, flexible does not use a certificate on the server, which is a security issue as the traffic between Cloudflare and the origin is unencrypted.

Right, but in my case origin had a valid cert but the Cloudflare cert was showing invalid for domain.
Because if it was valid, the redirect would only happen once: http:// via Cloudflare to https:// via Cloudflare valid cert. You never hit the origin directly. The whole idea of Flexible SSL is that you don’t need a cert on your origin to serve https via Cloudflare, isn’t it?

I have GoDaddy and honestly, may need to find a new host. I just switched to Full and got the 525 error.

Please forgive the simplicity in my questions. I can’t remember where or if I uploaded or obtained a certificate before when I set this up. Where should I look?

If you get a 525 when you switch to Full, it means that you don’t have a certificate on your server.

GoDaddy is known for this kind of thing! They make you pay extra for everything… Including certificates and are generally fairly unresponsive to requests for help.

You could switch hosts if you want or see how much GoDaddy would charge to install an SSL certificate if your plan doesn’t include one.
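The redirect loop under Flexible and the 525 under Full described in the replies above, as an added offline model that is not part of the original thread and is not Cloudflare's or WordPress's code. The function names, the `example.test` hostname and the 20-redirect limit are constructed for illustration; the model assumes Flexible always contacts the origin over plain HTTP and Full uses the scheme the visitor used.

```python
# Added illustration: an offline model, not Cloudflare's or WordPress's code.
from urllib.parse import urlsplit

HOST = "example.test"   # constructed hostname
MAX_REDIRECTS = 20      # constructed limit for the simulated browser


def origin(scheme, path, has_cert, forces_https):
    """Simulated origin server. Returns (status, location), or None when the
    TLS handshake cannot complete because no certificate is installed."""
    if scheme == "https" and not has_cert:
        return None
    if scheme == "http" and forces_https:
        # The origin only sees plain HTTP, so it redirects to HTTPS.
        return 301, f"https://{HOST}{path}"
    return 200, None


def edge(url, mode, has_cert, forces_https):
    """Simulated proxy. 'flexible' always uses plain HTTP to the origin;
    'full' uses the scheme the visitor used (model assumption)."""
    parts = urlsplit(url)
    origin_scheme = "http" if mode == "flexible" else parts.scheme
    reply = origin(origin_scheme, parts.path or "/", has_cert, forces_https)
    # A failed handshake with the origin surfaces to the visitor as a 525.
    return (525, None) if reply is None else reply


def browse(url, mode, has_cert, forces_https):
    """Follow redirects like a browser. Returns (outcome, redirects_followed)."""
    for hops in range(MAX_REDIRECTS + 1):
        status, location = edge(url, mode, has_cert, forces_https)
        if status != 301:
            return status, hops
        url = location
    return "ERR_TOO_MANY_REDIRECTS", MAX_REDIRECTS


if __name__ == "__main__":
    start = f"https://{HOST}/wp-admin/"
    for mode, cert in [("flexible", False), ("full", False), ("full", True)]:
        print(mode, "cert" if cert else "no cert", browse(start, mode, cert, True))
```

In the model, the loop disappears either when the origin stops forcing HTTPS or when the mode is Full with a certificate installed on the origin; only the second keeps the Cloudflare-to-origin leg encrypted.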

Go to the SSL/TLS app in Cloudflare and under the section “Origin Certificates” generate a free certificate, then import it into GoDaddy.

Similar steps, except you won’t be using “lets encrypt it” but instead a cert from Cloudflare.

https://www.godaddy.com/community/SSL-And-Security/How-to-install-your-own-SSL-certificate-for-FREE-with-GoDaddy/td-p/98667

If your GoDaddy plan supports SSL, as I said earlier, then yes this will work. As it says in @Gabber’s linked article, not all plans include it though.

Yes, but Flexible SSL should be working. If the “cloud icon” is on for all subdomains on your site and you get that redirect error, that probably means issues with the Cloudflare cert, as the visitor should never hit your origin “Godaddy” server directly when they are going via Cloudflare and Flexible SSL.

If you re-enable it and get the too many redirects message, check the certificate details of the Cloudflare cert.

I have never seen a redirect issue caused by a Cloudflare certificate not being issued.

I have also checked the domain in question and it has a valid Cloudflare SSL certificate.

In my case it was issued, but was not valid for my domain. This issue was reported earlier on this forum.

In this case, the certificate is issued and valid :slightly_smiling_face:

Yeah, I checked for my case and Chrome was definitely showing the “RED lock” for the Cloudflare cert and my subdomains were not in there. Maybe some propagation issue with the Cloudflare network of certificates where some get a valid cert and some don’t. I can’t tell you, but all I know is Chrome was warning me with the “Red Lock” that the cert was not valid, and when I inspected it, all it showed was Cloudflare SNI but not my domains/subdomains.

This guy has error 525, so he is not using Flexible SSL. That’s a different issue; he changed to “Full” probably because he was trying to fix the initial issue with Flexible SSL.