We recently want to HTTPS from HTTP. Many links to our site from external sites have not been updated to HTTPS and these links are very valuable for SEO purposes. We also have pages which redirect from one page name to another also for SEO purposes. What’s happening is when a HTTP request for our web site is being handled by Cloudflare, it’s sending a HTTP to HTTPS redirect response. The browsers does its thing and it sends a request for the page with the HTTPS scheme. The web server sees that it’s a redirected page and sends another redirect for the new page name. Our problem when two redirects are done the SEO value for the external links is diminished dramatically. To complicate matters a bit more, for business reasons we can’t install a CA signed certificate for our domain on our web server so we depend on Cloudflare to handle the SSL termination for the user’s browser.
A workable solution would be if Cloudflare could be configured to allow both HTTP and HTTPS traffic through. The HTTPS traffic would still need to be terminated at Cloudflare (to take advantage of their CA signed cert). We have modified our web server so when a request comes in for a redirect for the page name and the scheme is HTTP that it sends only one redirect response to the browser.
Cloudflare does allow HTTP and HTTPS traffic through. I’m guessing you have either ‘always use HTTPS’ turned on or a page rule which is translating HTTP to HTTPS as by default HTTP requests should be proxied through without any change whatsoever. Have a dig around your settings.
Can you please tell me what kind of platform are you using for your site?
If for example WordPress you can try the Really Simple SSL plugin and then activate it.
After that everything should start to work properly because it makes all of your redirects to point to HTTPS.
If you are using another platform or a custom site you might have to manually replace all of the HTTP URLs to HTTPS.
Always use HTTPS is already off. SSL is set to full.
Our site is Java based running on Tomcat 7.
You may have some issues with SEO if you are using external content thru HTTP and HTTPS. I would recommend you to use only one protocol for the pages that are important for you and the mixed content on the other pages.
Please check out this article: How Google Handles New HTTPS Pages With Mixed Content Warnings
From Google Search side, what would happen there is we would recognize that there is insecure content on this page and we would be less likely to pick that URL as the canonical.
So we have your HTTP version, your HTTPS version, if we recognize that the HTTPS version isn’t correct, then we will prefer the HTTP version.
_Source: The same article: http://www.thesempost.com/https-pages-mixed-content-google/_
EDIT: It may be best to use only one HTTP or HTTPS with all links fixed.