I’ve activated Cloudflare last week. Unfortunately a while after my site was not accessible anymore. I’ve already talked to my hosting provider and they told me to change the SSL setting to “flexible”. Now I’m getting the error “ERR_TOO_MANY_REDIRECTS”. My hosting support told me, that under wordpress my domain is shapeyourtomorrow.co but Cloudflare requests www.shapeyourtomorrow.co. That’s the reason for this forwarding error. Now they suggest me to change some settings in Cloudflare and remove the “www.”. How do I do that and will this solve my problem?
Thank you in advance for your support.
Patrik
Bad advice. Your site is still insecure and that is probably also the reason for your error. Make sure you have a proper HTTPS setup on your server with a valid certificate and switch to “Full strict”.
Thank you for your reply. I’ve been using the SSL from Let’s Encrypt and the hosting provider told me, Let’s Encrypt is not compatible with the standard settings from Cloudflare. That’s why they suggested the change to “flexible”. According to this test, now Cloudflare provides the SSL certificate https://www.whynopadlock.com/results/39f7298b-0ea6-4535-a6f9-634e9987caba
At the moment I’m really overwhelmed with all this.
I am not sure what they mean, but generally that is wrong. Cloudflare’s proxies accept these certificate just fine.
Based on all these recommendations I’d consider switching to a more competent host.
This only refers to the connection to Cloudflare’s edge servers, you still need to encrypt the onwards connection to your server, for which you need your own certificate.
Switch to Full strict, make sure you have your certificate properly in place on your server, and check if things are working.
Thank you for your support. I’ve switched back to Full (strict) and checked the SSL setting again in my hosting account. After that I got a 526 error. Then I switched to Full and that way it works - the site is accessible.
But Full (strict) seems to be better, right? Who should I talk to now?
It is. Full is much better than Flexible, as there still is encryption in place, however it is vulnerable to MITM attacks. For Full Strict you just need a valid certificate on your server. You should talk to your host in this regard.