DNS settings changed, but A Records are broken

#CommunityTip

Hi there.
We recently pointing a domain to Cloudflare to keep it’s Google Email settings, so we can change the A Record IP. We did this and left it a while to process.

24 hours on, the nameservers are on CF, but the A Record for the domain is incorrect. and if we visit the website, it errors about ‘over 20 redirections’.

If the A Record is wrong, why would be ‘redirect’, and if the nameserver is correct and the A Record was change at the same time (well just after), why would it be showing incorrectly?

Hi @simon4,

Have you checked this under DNS in your Cloudflare dashboard?

The errors “The page isn’t redirecting properly” or “ERR_TOO_MANY_REDIRECTS” indicates a redirect loop between Cloudflare and your origin server. The easiest fix for this is to remove the redirect on your origin server. For a more detailed set of options, review the troubleshooting suggestions in this Community Tip.

Thanks for replying so far. When you say removing redirects on Origin Server, what do you mean? If we can Private Message, I can give you all the DNS details, unless prividing the URL here is acceptable?

If you can post the URL here, that would be good.

At a guess, is your SSL/TLS mode set to Flexible? If so, try that at Full (strict) and see if that fixes is. That’s probably the most common cause!

1 Like

Oh my goodness me - that was it. The Full Script.
What’s the difference between that and Flexible?

Flexible is insecure and uses HTTP between Cloudflare and the server. Full (strict) uses HTTPS, but requires a valid certificate on the server :slight_smile:

This post from #Tutorials covers it in more detail!

Glad it is sorted!

It’s SSL on the host server, but why would that send it thru loops in the first place?

If you already have SSL on the server and you redirect all requests from HTTP to HTTPS, when Cloudflare tries to access the server over HTTP, it gets a redirect to HTTPS. Because it is set to Flexible, it forces that back to HTTP and the server redirects it to HTTPS and so on… Hence the loop!

Full (strict) is much more secure and causes less issues - really everyone should be using it!

Too right. Thanks. you have been extremely helpful.

1 Like

No problem, glad I could help!