autoSSL and cloudflare SSL

oah

• May 19, 2020 09:39

Hi I am using the autoSSL offered by the WHM on my website, at the same-time I am using cloudflare as a reverse-proxy and it is offering me a free certificate (I am using the free plan). When I use the flexible option (shown in the fig below) which is supposed to serve the traffic from port 80 on my machine (the non-secured one) I keep getting redirect loops and my only solution for now is to bypass cloudflare. So my question is how does the autoSSL work on the server, does this feature redirect all the traffic for port 80 traffic towards port 433 on the machine?

• 

  ffeingol

  • May 19, 2020 14:47

  Your answer is pretty much on the CloudFlare site: Troubleshooting redirect loop errors In our experience setting to Full or Full (Strict) will resolve the looping problem. The Let's Encrypt cert on your cPanel site is valid, so strict should be fine. It really boils down to how your site handles redirection http to https and how well that interacts with CloudFlare (when you are on Flexible).

  0
• 

  oah

  • May 19, 2020 20:36

  Your answer is pretty much on the CloudFlare site: on my machine, assume no Cloudflare".

  0
• 

  ffeingol

  • May 19, 2020 21:14

  We can't really answer that. I know that it can be done in cPanel (under Domains's). I can't remember if it can be forced on all sites a the WHM level. Even if neither of those were doing it, it's trivial to do with a .htaccess file and/or things like cPanel plugins. You have to look at your site(s) and see if they are redirecting to https if you request http. My guess is 'yes', as whats where "we" see this issue.

  0
• 

  cPanelLauren

  • May 19, 2020 22:07

  You can add a mandatory redirect to https through the use of includes - I'd recommend adding an exception for the DCV check though if DNS is not hosted on the server for the domains. You can also force https through cPanel on a per-domain basis or for all domains in a cPanel account using a redirect rule in the .htaccess.

  0
• 

  oah

  • May 22, 2020 05:32

  Hi @cPanelLauren and @ffeingol, this is a follow up on the auto-ssl issue, I simply set cloudflare option to "Full" and everything started to work. Thank you guys :) So to re-cap: 1- For some reason all the domains on my machine are not answering http requests and my initial work around was to by-pass cloudflare and have the requests go to the machine (even if I issue http to a domain, I was getting https answer with "cpanel issued certificate"). 2- The problem manifested itself when I set cloudflare to "flexible" apparently the "http requests from CF to my machine were not getting answered" I confirmed that with curl as I got 503 error. 3- So it was clear to I have to use the "full" option. Everything works now, but I am yet to find why my newly created domains on the machine don't answer http requets they just redirect it and serve https instead (I am open to any diagnostic suggestions). Hope this helps. Thx. O.

  0

Please sign in to leave a comment.