Redirect issues when setting up record to point to vercel

Problem: Traffic going to Vercel server is showing err too many redirects when Cloudflare proxy is turned on.
Current Solution that I do not like: Cloudflare proxy turned off so that traffic is managed directly in Vercel. I do not like this because I want Cloudflare to serve as a consolidated defense point.

Set up that doesn’t seem to work because err too many redirects:

  1. I have a cname record pointing to Vercel using cname.vercel-dns.com for a subdomain affiliates.toptiertrader.com.
  2. Cloudflare SSL/TLS set to Full.
  3. I already have a universal cert applied to root and subdomains that already exist in Cloudflare. I also understand that Vercel offers an ssl cert through Let’s Encrypt. This is what I believe is causing the loop.
  4. To resolve this, I have a page rule set up in Cloudflare to turn off SSL for the subdomain living in Vercel (affiliates.toptiertrader.com). This was done based on advice given from several articles. This is supposed to allow Vercel to provide the cert instead of Cloudflare.
    4a. On Vercel it seems a cert has indeed been applied.

When I turn on proxy in Cloudflare, I get the redirect error, even with the page rule in place. When I turn off proxy, the page works.

I want proxy on. I want to manage traffic in Cloudflare if possible.

Please help.

You have a redirect from http->https and also a redirect from https->http, hence the loop. The latter is setup up somewhere on Cloudflare so you need to remove it…
https://cf.sjr.org.uk/tools/check?e08a496ec5014c7f83dfd3af22104983#connection-server-https

Use “Full (strict)” so that Cloudflare verifies your Vercel certificate to ensure the connection is secured.

1 Like

Badass. Thanks for the help. Simple change from SSL off thinking this allowed Vercel to provide the cert, to SSL strict on the page rule so that the Cloudflare can verify the cert.

Actually clarification for anyone who runs across this page. Not 100% sure step 2 is necessary, but it was the way I was able to get the cert to assign to the subdomain on Vercel.

On Cloudflare:

  1. Provide CNAME to point to Vercel for the subdomain you need.
  2. Set up page rule with SSL off to bypass Cloudflare check for SSL cert.
  3. Turn off Proxy for record on CF.
  4. Log on to your Vercel and ensure that a cert was given to your subdomain by clicking domain-DNS records- scroll down to find SSL cert and ensure that Vercel has assigned it.
  5. Set page rule to SSL Strict for that sub domain (or you can set it up for entire site depending on needs)
  6. Turn on CF proxy to mitigate traffic on CF again.

It may well be possible to skip step 2, but this worked for me.