Help with Full versus Flexible SSL

Good Evening, I need a little help. I am new to this, so please forgive me if I have missed this. I tried to look through the posts before I submitted this.

Issue 2: I use Cloudflare to manage the actual websites I have in Hestia. So I have the websites created with WordPress and an SSL certificate here in Hestia, as well as mail set up through Hestia. If I set Cloudflare to Flexible SSL, then I can access the webmail in Hestia (webmail.domain.com), but I can’t access the website. If I set up the SSL to Full in Cloudflare, I can access the site but not the webmail.

Being unable to access your website in SSL Flexible mode is likely caused by your website trying to redirect to HTTPS because Cloudflare is trying to connect behind the proxy in HTTP (no SSL).

Can you send a screenshot of your DNS? I’d want to see how your DNS is configured for your webmail and website. I’d want to see if your webmail is a :orange: CNAME proxy or :orange: A proxy.

What error are you seeing when you try to access it?

Is it the same error that you see when it is the other way around?

Also, Flexible SSL is not advised.

OK, so let's try to answer these together.

I do not want to use Flexible SSL; I'm just trying to get my stuff to work.

Currently this site (curethechaos.com) is in Full SSL, and I noticed it does not have a padlock even though I know there is an SSL certificate created with Let's Encrypt.

When I go to the domain the site loads without the lock.

When I go to webmail.curethechaos.com, it does not load and comes back with:
Load cannot follow more than 20 redirections

When I reverse it and place it in Flexible SSL, the webmail comes up with a padlock and works fine.

The site has no padlock again and has the same error.
Load cannot follow more than 20 redirections

Yes, that is because when using Flexible mode, Cloudflare will use HTTPS between your device and Cloudflare servers, but then use regular HTTP on the back-side from Cloudflare to the webmail host.

When in Flexible mode, Cloudflare will use HTTP on the reverse proxy back-side to your website, and your website sees an incoming HTTP connection and tries to redirect Cloudflare to HTTPS. Cloudflare then sends another request in HTTP and your website again tries to redirect to HTTPS; this loop continues until the redirect limit is reached. Although in Flexible mode your browser says HTTPS, on the back-side Cloudflare is actually connecting to your website in HTTP.

To work at solving your problem, can you tell me if your hosting provider Hestia has any option to set an SSL certificate?
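The redirect loop described in the post above, modelled as an added example that is not part of the original thread or any poster's code. The function names and the `force_https` / `serve_any` origin policies are hypothetical, and Full mode is assumed to reach the origin over the same scheme the visitor used.

```python
MAX_REDIRECTS = 20  # limit quoted in the error message in this thread


def origin(policy, scheme):
    """Constructed origin server: returns (status, location_scheme)."""
    if policy == "force_https" and scheme == "http":
        return 301, "https"      # origin insists on HTTPS
    return 200, None             # content served on whichever scheme arrived


def edge_scheme(mode, visitor_scheme):
    """Scheme the edge uses toward the origin for each SSL mode."""
    if mode == "flexible":
        return "http"            # back-side is always plain HTTP
    if mode == "full":
        return visitor_scheme    # assumption: back-side follows the visitor
    raise ValueError(f"unknown mode: {mode}")


def browse(mode, policy, start_scheme="https"):
    """Follow redirects like a browser; return (outcome, hops)."""
    scheme, hops = start_scheme, []
    for _ in range(MAX_REDIRECTS + 1):
        back = edge_scheme(mode, scheme)
        status, location = origin(policy, back)
        hops.append((scheme, back, status))  # (front side, back side, status)
        if status == 200:
            return "ok", hops
        scheme = location        # browser follows the Location header
    return "redirect_loop", hops


if __name__ == "__main__":
    for mode in ("flexible", "full"):
        for policy in ("force_https", "serve_any"):
            outcome, hops = browse(mode, policy)
            print(f"{mode:8} {policy:11} -> {outcome} "
                  f"after {len(hops)} request(s)")
```

Each hop is recorded as (visitor scheme, back-side scheme, status), so the looping case shows the browser on HTTPS while every origin request arrives over HTTP.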

Hestia is a control panel for Debian and Ubuntu. You can upload certificates or use Let’s Encrypt via Certbot.

What epic.network said is correct: you can upload SSL certificates or you can use Let’s Encrypt.

If you feel that you can tell me how to fix the items you listed above, I would be grateful.

Just another thing, unrelated to your issue but worth mentioning. Fix this, it’ll be affecting your emails on this server.

See my annotations from your screenshot earlier:

So I went in and turned off all SSL, and when I did that, it removed “Always Use HTTPS”. When I put it back on Full SSL after that, everything worked. Thank you all for your help.
