Flexible SSL Isn't Working

My site (https://www.courio.com) has been using CloudFlare with Flexible SSL for quite a while, but just a few minutes ago it started not redirecting HTTPS requests to HTTP on my server. HTTP works fine though. I’ve confirmed my server is up and I haven’t changed any settings. It seems like CloudFlare’s HTTPS -> HTTP forwarding stopped working. Has anyone else seen this?

Looks OK from here:

% curl -s -o /dev/null --dump-header - http://www.courio.com 2>&1 | grep -E 'HTTP|Location'
HTTP/1.1 301 Moved Permanently
Location: https://www.courio.com/

Are you using the “Always Use HTTPS” from the SSL/TLS settings tab? Do you have an example URL where this is not working? I’m presuming you did not :grey: your site for testing, or override DNS with a hosts file entry.

I do have “Always Use HTTPS” (just turned it off), but I’m unable to access the site from HTTPS anymore. After switching I’m able to access from HTTP though. It seems obvious a screw up or change on CloudFlare’s side as I’ve changed nothing, but I’m not sure what to do about it.

If you share a URL the community can have a look.

http://www.courio.com should work
https://www.courio.com does not, but also should

They both look OK to me, returning a 200 status for a document with the same last modified and content.

I did see one strange thing, that somebody like @cloonan might be able to look at. I made a few different cUrl requests. The one below has an unusual Server header following the H2 upgrade. I have never seen an origin server header get displayed. @matt72 is your origin doing anything unusual, or is it just a plain old, standard config web server? (:fox_face:).

% curl -s -o /dev/null --dump-header - http://www.courio.com --http2
HTTP/1.1 101 Switching Protocols
Date: Fri, 17 Jan 2020 22:13:22 GMT
Connection: upgrade
Set-Cookie: <snip>
CF-Cache-Status: DYNAMIC
Server: cloudflare
CF-RAY: 556bad0f5c85a669-XXX

HTTP/2 200
content-encoding: gzip
last-modified: Tue, 29 Oct 2019 16:01:17 GMT
server: youi
content-length: 1446
content-type: text/html
accept-ranges: bytes
date: Fri, 17 Jan 2020 22:13:22 GMT
2 Likes

Well, it seems to be working fine again…no idea why it stopped though. Very concerning.

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.