Loading...

Knowledge Base

Fix Redirect Loop After Enabling Cloudflare SSL

When your website gets stuck in a redirect loop after enabling Cloudflare SSL. This article explains how Cloudflare SSL settings can cause redirect loops and how to fix them.

In case you use SSL with your website and you enabled Cloudflare, your website might go in a redirect loop.

This is because of how SSL Support is configured with Cloudflare. By default it is set to 'Flexible'. Flexible means that SSL requests for your website will reach Cloudflare, and Cloudflare's servers will attempt to fetch your website over normal HTTP. If your website is configured to open up via HTTPS this can create a loop.

The SSL section of the Cloudflare SSL/TLS app contains several options that determine whether Cloudflare securely connects to your origin web server.

The following are the options available in CloudFlare panel to configure routing of your domains:

  • Off
  • Flexible
  • Full
  • Full(strict)
  • Strict (SSL-Only Origin Pull)

Off

Off disables secure HTTPS connections between both visitors and Cloudflare and between Cloudflare and your origin web server. Visitors can only view your website over HTTP. Any connections attempted via HTTPS result in a HTTP 301 redirect to unencrypted HTTP.
 

Flexible

The Flexible SSL option allows a secure HTTPS connection between your visitor and Cloudflare, but forces Cloudflare to connect to your origin web server over unencrypted HTTP. An SSL certificate is not required on your origin web server and your visitors will still see the site as being HTTPS enabled.
 

Full

Full ensures a secure connection between both the visitor and your Cloudflare domain and between Cloudflare and your web server.
 

Full (strict)

Full(strict) ensures a secure connection between both the visitor and your Cloudflare domain and between Cloudflare and your origin web server. Configure your origin web server to allow HTTPS connections on port 443 and present either a Cloudflare Origin CA certificate or a valid certificate purchased from a Certificate Authority. This certificate must be signed by a Certificate Authority that is trusted by Cloudflare, have a future expiration date, and cover the requested domain name (hostname).


Strict (SSL-Only Origin Pull)

Strict (SSL-Only Origin Pull) instructs Cloudflare's network to always connect to your origin web server using SSL/TLS encryption (HTTPS). The SSL certificate presented by the origin web server must be signed by a Certificate Authority that is trusted by Cloudflare, have a future expiration date, and cover the requested domain name (hostname). 

How to resolve this issue:


To resolve the issue you need to change SSL Support for your website from 'Flexible' to 'Full Strict'. In this way after Cloudflare receive a secure requests for your site, they will use another secure request over HTTPS to fetch it from its host server.