HTTP to HTTPS redirect issue

My setup includes the following:

  • A docker-compose backend app on a Google Cloud Vmware
  • Frontend on Cloudflare pages
  • Cloudflare hosting the DNS, redirecting api.domainname to the backend.

For issuing the SSL certificate, I’m using the LetsEncrypt method, I already have a docker image.
Now, the issue is:

Whenever I try to access
http://{{DOMAIN_NAME}}/.well-known/acme-challenge/test.txt from the browser, it always redirects HTTP to HTTPS and ends up in a ERR_TOO_MANY_REDIRECT_ERROR.

When trying to do
curl -i http://{{DOMAIN_NAME}}/.well-known/acme-challenge/test.txt everything works just fine.

Solutions I tried:

  1. Removed HTTP to HTTPS redirection from Nginx config.
  2. Created a page rule on Cloudflare to allow this only HTTP request to pass, with the following config: Disable Security, SSL: Off, Security Level: Essentially Off, Automatic HTTPS Rewrites: Off
  3. Made sure that HTTP to HTTPS feature in Cloudflare is off

Any suggestions?

Often “too many redirects” is due to your SSL/TLS setting being set to “Flexible” (so Cloudflare always connects to your origin using HTTP even if the clients requests HTTPS) while your origin redirects HTTP to HTTPS, hence the loop. However you say you’ve removed that redirection on your origin, but just in case make sure you have SSL/TLS set to “Full (strict)” once your certificate is in place.

I would suggest to use DNS-01 rather than HTTP-01 as it avoids all the issues associated with making a exception to allow HTTP for the challenge through Cloudflare and to your origin. Then you can leave all the HTTPS only redirects and settings in place and use just HTTPS to your origin.

Assuming you are using certbot, there is a plugin that automates the DNS settings for Cloudflare, see…

…and all it takes to get the certificate is…
certbot --dns-cloudflare --dns-cloudflare-credentials ./cloudflare-credentials.txt --preferred-challenges dns certonly -d -d *

1 Like

This topic was automatically closed 15 days after the last reply. New replies are no longer allowed.