Disable Automatic SSL/TLS Upgrader

What is the name of the domain?

psbrickwork.com

What is the issue you’re encountering

Automatic SSL/TLS Upgrader is enabled so We have automatically upgraded the SSL/TLS encryption mode for the following zone from flexible to full

What steps have you taken to resolve the issue?

Manually revert the domains to Flexible.

What are the steps to reproduce the issue?

I understand some policy update by CF to upgrade SSLs from Flexible to FULL but I’m having 300+ small micro sites hosted on 3 different servers where I just don’t use any Server side SSL and let CF handle SSL on their front. I know its not that ‘safe’ however for these static 2-3 page sites it has been running perfectly for last 6-7 years and I don’t have to bother the Let’s encrypt for each new domain I add. However this policy update has been a pain.

I searched but all I could find was the thread mentioning spam mails for this Automatic SSL/TLS Upgrader, I can’t find a way to DISABLE this upgrader and keep all my domains on Flexible.
or
if there is a new better approach for me to have SSL termination on CF end without bothering with SSL on my server side, kinldy educated me pls.

Thanks

Lots of things in technology change rapidly, including browser standards and requirements, operating system changes, etc… and what worked for 6-7 years is not guaranteed to work today… even if nothing changes at your end.

Your site is showing an infinite redirection loop (ERR_TOO_MANY_REDIRECTS). The common cause for a Cloudflare-proxied site is an incorrect SSL/TLS setting – doesn’t matter if it was set automatically or manually.

Automatic SSL/TLS is the default mode for all zones.

Choosing any of the Custom SSL/TLS settings disables the automatic mode.

But there’s no account-wide setting in the dashboard for SSl/TLS encryption mode, so you’ll have to do this for individual zones… unless you can wrangle something together with the API: Cloudflare API | SSL

Define “better”.

Better security implies end-to-end encryption, which requires SSL at the origin server as well. But you say you don’t care about this… which, by extension, implies you don’t care about the security of your site’s visitors.

Good luck!

1 Like

Pretty condescending reply for a perfectly valid enquiry, there should be a simple way to bulk disable this account-wide & per-domain. Plenty of cases where people know their own SSL requirements and automatic upgrading can cause sites to fail to load.

Whilst it does have it’s benefits for novice users that aren’t aware of their own SSL requirements it’s certainly not the case for many CF clients and time-efficient methods should be provided for bulk disabling/specifying when many domains are under management.

1 Like

This topic was automatically closed after 15 days. New replies are no longer allowed.