I had a Flexible SSL on my wordpress site. When trying to customize under the Appearance tab, I would get an error that there were too many redirects.
I had an aesthetic issue with my site, so I decided to deactivate all my plugins and activate one by one to figure out what was causing the issue. This caused me to become completely locked out / bricked with the Redirect error loop.
I logged in to CF to change from Flexible to Full, which may have caused a certificate issue. I tried going back to Flexible and now I get the error in two different browsers:
Thanks so much for responding. I think I was trying (and failing) to switch back and forth between and , to no avail with either. I don’t believe I have an SSL cert; I was using CF for that.
Ref. SSL Certificates, the modes are explained below.
Flexible
The connection between your visitor and Cloudflare is secured, but the connection between Cloudflare and your server is not. You will not need a certificate on your server for this mode. This option is NOT RECOMMENDED if you have any sensitive data processed through your site.
Full
The connection is secured between your visitor and Cloudflare and Cloudflare and your server. Your server will need to be configured to accept HTTPS connections and have a certificate
Flexible is not recommended and should be avoided.
You should contact your web host about getting an SSL certificate on your server. They may support automatic Let’s Encrypt certificates. Alternatively, they may allow you to install your own certificate, you can generate one under Origin Certificates in the SSL/TLS app of your Cloudflare dashboard.
i was having the same issue for one of my domains, too many redirects if i enable “always use https”… even when cloud was enabled and cert showed active. it took a couple of days for cert to regenerate. Also the certificate was showing invalid for domain, hence i would get insecure warnings. Now i have another domain for which i am waiting for certificate to generate for 5+ days now.
Try disabling “always use https” and see what error you get. Basically its trying to redirect you to a secure site over and over and fails.
Test using inprivate mode to avoid caching issues.
Right i had a valid certificate on the server; its the Cloudflare certificate that was showing as invalid. Also flexible should not be using a certificate when talking to origin as far as i can tell from your diagram. So only cloudlfare certificate is in play here.
Right but in my case origin had a valid cert but Cloudflare cert was showing invalid for domain.
Because if it was valid redirect would only be once http:// via Cloudflare to https:// via Cloudflare valid cert. You never hit the origin directly. Whole idea of flexible ssl is that you dont need a cert on your origin to serve https via Cloudflare, isnt it ?
I have GoDaddy and honestly, may need to find a new host. I just switched to Full and got the 525 error.
Please forgive the simplicity in my questions. I can’t remember where or if I uploaded or obtained a certificate before when I set this up. Where should I look?
If you get a 525 when you switch to Full, it means that you don’t have a certificate on your server.
GoDaddy is known for this kind of thing! They make you pay extra for everything… Including certificates and are generally fairly unresponsive to requests for help.
You could switch hosts if you want or see how much GoDaddy would charge to install an SSL certificate if your plan doesn’t include one.
If your GoDaddy plan supports SSL, as I said earlier, then yes this will work. As it says in @Gabber’s linked article, not all plans include it though.
Yes but flexible SSL should be working. if the “cloud icon” is on for all subdomains on yoursite and you get that redirect error. That probably means issues with couldflare cert. As the visitor should never hit your origin “Godaddy” server directly when they are going via Cloudflare and flexible ssl.
If you renable it and get the too many redirects message, check the certificate details of the couldflare cert.
Yeah i checked for my case and Chrome was definitely showing the “RED lock” for Cloudflare cert and my subdomain were not in there. Maybe some propagation issue with the Cloudflare network of certificates where some get a valid cert and some dont. I cant tell you, but all i know is Chrome was warning me “Red Lock” that cert was not valid and when i inspect it all it showed was Cloudflare sni but not my domains/subdomains.
This guy has error 525 so he is not using Fexible SSL. Thats a different issue, he changed to “Full” probably because he was trying to fix the initial issue with flexible ssl.