We currently have a dozen of sites published at the company. Some are using only HTTP (and flexible mode works great) and some are using HTTPs (flexible does not work). This situation force us to not use proxy in front of HTTPS sites. The problem is that we want to use the proxy.
Is there any configuration that could be done independently by A record to use or not use Cloudflare SSL?
The reason why you have either redirection loops, mixed content or some other things like stated in the below article:
Would be much better for you to generate an Cloudflare CA origin certificate and install it at your host/origin and enable Full SSL (Strict) (end-to-end), which I do recommend.
In case your host/origin already has an SSL certificate it would be much better to use Full SSL.
You can check weather you have enabled options Always Use HTTPS and Automatic HTTPS redirection.
You may have “Always Use HTTPS” enabled.
You can either add a Page Rule to disable the “Always Use HTTPS” option for your sub domain for example, or turn “Always Use HTTPS” feature off, then add a Page Rule to enable that feature for the root domain.
Moreover, you can specify to not use SSL (or your’s Flexible SSL mode) for a specific hostname like sub-domain.yourdomain.com using Page Rules as stated in above paragraph, while still keeping Flexible SSL option at other hostname like yourdomain.com, another-sub.yourdomain.com, etc…