Sorry… I should probably know this by now!
I have several websites with Cloudflare (Free plan), for most of them, I use CF SSL. On one of them, however, I am testing out something to use on a different site.
I have been asked to route all traffic to the site through CF (which I have done). It all works fine when using CF SSL. For this project, however, I turned off SSL on this site through Cloudflare but now get a redirect loop when trying to get to the site.
I do have a Let’s Encrypt cert on the server which should be active (not sure if that makes a difference!). It all works when I disable CF proxy…
If you turn off TLS the connection to your server will be plain HTTP as well. Now, if you have configured somewhere on your server a forcible HTTPS redirect you will enter that loop. Given that is the case, you’d simply need to remove that redirect and you should be fine.
Thanks for the reply - just checking, I can’t route the traffic through CF with SSL turned off and still use my Let’s Encrypt cert?
So basically you want the connection between your server and Cloudflare encrypted and the connection between Cloudflare and the visitor unencrypted? That would work, but TLS would still need to be enabled and people opening the site could access it via HTTPS, but also plain HTTP.
Sorry. What I want is:
IP hidden, DDOS mitigation etc. from Cloudflare but no SSL.
Basically… they have had comments from people not trusting certificates issued to sniXXXXXX.Cloudflaressl.com when that is not the domain of the website. They want visitors to always see the Let’s encrypt Cert and always access the site via https but still get the other Cloudflare features.
In that case you either need to purchase the $5/month dedicated certificate, where you still cant upload your own certificate however, or get the business plan for $200, where you can upload your certificate.
I really dont think though the Cloudflare is any issue at all.
You must not disable TLS however in any case.
Thanks @sandro . I agree that the CF cert isn’t a problem. Some people apparently don’t trust it though!
This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.