Site leads to too many redirects error?

My site I connected to replit successfully, yet still gives me this error. I have no idea where to start. Any ideas?

According to the browser developer tools, I am seeing a 308 error, which suggests that there is a permanent redirect setup to your domain. Which server are you using - nginx, apache? Possibly that your server setup has an issue causing the permanent loop


On replit I’m running something that uses only nginx as a backend.

From what I can see you are proxying the traffic through Cloudflare.

;; ANSWER SECTION: 86400 IN NS 86400 IN NS

But your DNS records look a little strange. Normally the IPs are similar.


Are you using a Cloudflare Tunnel to get to your server?

Have you tried just a curl test on your local host? With the option -L option to follow a redirect. It would be good to know the behaviour of your web server locally first

Before moving to Cloudflare, was your Website working over HTTPS connection?

How about the SSL certificate on your origin host/server? Is it existing? Is it a valid one?

May I ask what SSL option have you got selected under the SSL/TLS tab at Cloudflare dashboard for your domain ( Flexible, Full, Full Strict … )?


@fritex This is first website I hosted it on. I have it on flexible. Should it be on full strict?

I am unsure what you mean, I am using replit. I do not know how to preform a curl test. About the Cloudflare tunnel, I do not use that option in settings, if that’s what you mean.

Unless there is a reason you need to be using Flexible, I would recommend Full or Full Strict.

Full requires a certificate to be presented on your origin which is at least self-signed and Full Strict requires a trusted certificate or a Cloudflare Origin CA certificate.

Cloudflare Origin CA certificates are effectively self-signed but issued by Cloudflare & can last for up to 15 years.

1 Like

Switched. It works now! Thank you for your help!

Glad to hear - the usual culprit is that your origin is redirecting HTTP → HTTPS but Flexible sends requests to your origin over HTTP, so you can see where the loop starts to form.

Just for the sake of good order, Full is not secure either and should not be used either → Why you should choose Full Strict, and only Full Strict

@zaqjosh, you mentioned you changed the setting, hopefully to Full Strict.

Technically not self-signed, just issued by an untrusted CA :slight_smile: