HTTPS/SSL doesn't work

Hi, I managed to set CF successfully a few times in the past, even once recently, but I can’t do it now.

The https version (karolgucfa.ml) won’t load, not sure if I just did something incorrectly or if this host is incompatible.

I set SSL to ‘flexible’ and ‘redirect from http to https’

Does anyone know what’s going on? HTTP version is working

If you select SSL mode “flexible” you’re telling Cloudflare to only connect to your origin over HTTP. If your origin forwards HTTP back to HTTPS, then you’ve created an infinite forwarding loop. Everything looks okay at the moment though, traffic is proxying through Cloudflare and HTTP is redirecting to HTTPS successfully. Looks okay in-browser, at least. With curl I’m seeing an HTTP 520 with an empty message body, not sure what’s up with that. Did you change things around since posting the message? Is it working properly for you now? If not, exactly what are you seeing? Hopefully you switched to one of the more secure SSL modes?

FYI you might want to fix this, it causes Firefox to display a warning icon on the SSL padlock (not Chrome though because it automatically rewrites it to HTTPS)

<div class="project-image" style="background-image:url( ' http://karolgucfa.ml/wp-content/uploads/2022/06/planet-silhouette-310x250.png ' );">

In regards to getting a 520 when using curl, I tested it out a little more and found that if I spoof the user agent to something normal, it works properly. Is your server blocking based on user-agent?

You’ve also got some weird forwarding…

If somebody tries to access you as “http://www.karolgucfa.ml/” it redirects 3 times, 1st to “https://www.karolgucfa.ml/”, 2nd to “http://karolgucfa.ml/”, and then 3rd to “https://karolgucfa.ml/”

The first redirect is probably happening automatically via Cloudflare but you’d be better off using a Page Rule or Bulk Redirect to strip off the www at the same time so that the 2nd & 3rd redirects can be skipped.

The 2nd redirect, “https://www.karolgucfa.ml/” to “http://karolgucfa.ml/” is probably happening on your server, don’t redirect HTTPS to HTTP, that’s weird. Either fix it on your server or have Cloudflare do it via Page Rule or Bulk Redirect (you can combine with the above)

Redirect chain (with curl spoofing user agent to avoid the 520):

$ curl -A "Mozilla/5.0 (X11; Linux x86_64; rv:60.0) Gecko/20100101 Firefox/81.0" -IL 'http://www.karolgucfa.ml/'
HTTP/1.1 301 Moved Permanently
Date: Sun, 19 Jun 2022 01:18:22 GMT
Connection: keep-alive
Cache-Control: max-age=3600
Expires: Sun, 19 Jun 2022 02:18:22 GMT
Location: https://www.karolgucfa.ml/
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=ay87S0ZYq2K%2BBo5nSS%2FOyVuMcBfI4n513VHkJe0Yg9trMGUkIVTS%2FONo1X%2FHU9j0jUe2oc1VNERaR5ZETlSKZqnrPiDtBiioLKdRwQvJ6yV37glPCQMVRtYDa3YwyzJiSvMsKkL%2Ffsk2LhKg3p7WrQ%3D%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Server: cloudflare
CF-RAY: 71d86e2cffa08717-ORD
alt-svc: h2=":443"; ma=60

HTTP/2 301
date: Sun, 19 Jun 2022 01:18:28 GMT
content-type: text/html; charset=UTF-8
location: http://karolgucfa.ml/
x-redirect-by: WordPress
cache-control: max-age=0
expires: Sun, 19 Jun 2022 01:18:27 GMT
cf-cache-status: DYNAMIC
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=RTIDdGRTx9%2FP5rZ7WnxBb3QkP2L38QRt8YZy50QcLuuPDIv%2FL5D2u%2FMxKkqmW0skdvkUt%2F4Unwe5GXtPmM17RqO%2FyVJJP1H9XYRn4hfwoJrxtL45K%2Btf7uide%2FfS9cOqTiHC5fe3nm3AtlQSyR1xwQ%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 71d86e504b452cb3-ORD
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400

HTTP/1.1 301 Moved Permanently
Date: Sun, 19 Jun 2022 01:18:28 GMT
Connection: keep-alive
Cache-Control: max-age=3600
Expires: Sun, 19 Jun 2022 02:18:28 GMT
Location: https://karolgucfa.ml/
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=%2BaXNBRxCJAnT1q5Kg4yXMGEvw24DXww6arUbysinNf9aWtgmOh6d%2B7nHjLCMUriY9OJ8vNHinn2wy570buQWoEhJ2nqRpq%2B9vvd%2BspbxkW0yJIqF5nK6Mqd2pnnxXDUDItR0zic3Fshpu7wZ"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Server: cloudflare
CF-RAY: 71d86e54fdf20388-ORD
alt-svc: h2=":443"; ma=60

HTTP/2 200
date: Sun, 19 Jun 2022 01:18:29 GMT
content-type: text/html; charset=UTF-8
vary: Accept-Encoding
link: <http://karolgucfa.ml/wp-json/>; rel="https://api.w.org/"
link: <http://karolgucfa.ml/wp-json/wp/v2/pages/28>; rel="alternate"; type="application/json"
link: <http://karolgucfa.ml/>; rel=shortlink
cache-control: max-age=0
expires: Sun, 19 Jun 2022 01:18:28 GMT
cf-cache-status: DYNAMIC
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=o8epcRdYw1jZLg4Z0LxVawbR4AgqD1UM%2B4Z%2F9oV694T2LB7wDtEeYda%2Bk5ZmYeO4BGf4gB7jMwxJPb34tnlQcOWl35xXIydRA48s3RRaotUOQUpK6%2F2y1SpX2p2uvyGZgaZFaJBLZX0Wh50W"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 71d86e563b14868a-ORD
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400

520 when using curl without spoofing user-agent:

$ curl -IL 'https://www.karolgucfa.ml/'
HTTP/2 520
date: Sun, 19 Jun 2022 01:19:26 GMT
content-length: 0
cache-control: no-store, no-cache
cf-cache-status: DYNAMIC
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=U1w9TSDlYboqOGaKqq%2BnenMcDttDm5wawmK%2Feq4qT0Wb0%2F9Vpqf54gtJn%2F8uT7fXcu%2BDtQyFYgetq4gTmQsBcE5%2BZtBiThFwaC9JxWNWX1WNCbncStn7C12Ny6F0YeAUAEFTw4Vs7C52HiPDehW9vg%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 71d86fbd0e3cf222-ORD
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
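
The redirect-chain problems described in the post above (an HTTPS to HTTP downgrade hop, extra redirects, and `http://` URLs advertised by a page served over HTTPS) can be checked mechanically from `curl -sIL` output. This is an added example, not part of the original thread; the function names are hypothetical and the sample input is a constructed, trimmed copy of the headers shown above.

```python
import re
from urllib.parse import urljoin, urlsplit

# Constructed sample: trimmed `curl -sIL` output modelled on the chain in the thread.
SAMPLE = """\
HTTP/1.1 301 Moved Permanently
Location: https://www.karolgucfa.ml/

HTTP/2 301
location: http://karolgucfa.ml/
x-redirect-by: WordPress

HTTP/1.1 301 Moved Permanently
Location: https://karolgucfa.ml/

HTTP/2 200
content-type: text/html; charset=UTF-8
link: <http://karolgucfa.ml/wp-json/>; rel="https://api.w.org/"
"""

def parse_hops(dump):
    """Split a header dump into one (status, headers) pair per response."""
    hops = []
    for block in re.split(r"\n\s*\n", dump.replace("\r", "").strip()):
        lines = block.splitlines()
        m = re.match(r"HTTP/\S+\s+(\d{3})", lines[0])
        if not m:
            continue  # not a response block
        headers = {}
        for line in lines[1:]:
            name, sep, value = line.partition(":")
            if sep:
                headers.setdefault(name.strip().lower(), []).append(value.strip())
        hops.append((int(m.group(1)), headers))
    return hops

def audit_chain(start_url, dump):
    """Follow Location headers from start_url; return (final_url, findings)."""
    findings, url, redirects = [], start_url, 0
    for status, headers in parse_hops(dump):
        loc = headers.get("location", [None])[0]
        if 300 <= status < 400 and loc:
            target = urljoin(url, loc)  # also resolves relative Location values
            if urlsplit(url).scheme == "https" and urlsplit(target).scheme == "http":
                by = headers.get("x-redirect-by", ["unknown"])[0]
                findings.append(f"downgrade: {url} -> {target} (by {by})")
            url, redirects = target, redirects + 1
        elif urlsplit(url).scheme == "https":
            # Final response: plain-HTTP URLs advertised in Link headers.
            for value in headers.get("link", []):
                for link in re.findall(r"<(http://[^>]+)>", value):
                    findings.append(f"http link on https page: {link}")
    if redirects > 1:
        findings.append(f"{redirects} redirects before final response")
    return url, findings
```

To run it against a live site, pass the text captured from `curl -sIL <url>` as `dump` and the same URL as `start_url`.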

The HTTP version is working for me, the HTTPS displays this:

What’s weird is that the HTTPS version is working here with gtmetrix
shorturl.at/fmN13

By “Looks okay” do you mean you’re seeing the webpage like gtmetrix?

Works fine in every browser I’ve tried including using Tor to make some connections from around the world.

(The warning icon on the padlock is because you have a background image loading over HTTP)

What browser is that in your screenshot?

Have you gone through the standard deal of restart browser, clear cache, try different browser?

Hey, thanks! that helps a lot

Makes me think it’s either some caching, or IP/ISP issue. Seems I can access the site from my android phone just fine.

I tried edge, chromium, and other browsers, and incognito modes.

Yes I also tried clearing cache and flushing dns

I’ll reset the PC now. Anyway, I’m glad the error happens only on my machine. Thanks!

PS. resetting the PC helped

NVM it doesn’t work again… on PC and on the phone, I get ERR_SSL_PROTOCOL_ERROR
I’ll reset my modem