Solving the "Too Many Redirects" Error with Cloudflare and Certbot
Introduction
Recently, I purchased a new domain through Cloudflare and set up DNS to point to an app on my server. However, when I tried to access the domain, I was met with a "too many redirects" error.
Understanding the Issue
After some troubleshooting, I discovered the root cause of the problem.
By default, Cloudflare's DNS SSL/TLS encryption mode is set to Flexible. However, I had already installed SSL certificates on my server using certbot. This discrepancy led to an issue where both my server and Cloudflare were attempting to redirect HTTP traffic to HTTPS, resulting in a redirect loop.
The Solution
To resolve this, I navigated to Cloudflare's SSL/TLS settings and switched the encryption mode from Flexible to Full. This immediately rectified the problem. It's worth noting that the other options, Full (Strict) and Off, along with the default Flexible, were not suitable for my setup.
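The loop and the fix, modeled without any network access as an added example (not code from the original post); the function names, example.com and the 20-hop client limit are assumptions for illustration. Flexible always uses plain HTTP for the Cloudflare-to-origin leg, so an origin that redirects HTTP to HTTPS never receives an HTTPS request and keeps answering with a redirect.

```python
# Constructed model of visitor -> Cloudflare edge -> origin; all names are illustrative.
MAX_REDIRECTS = 20  # assumed client limit before reporting "too many redirects"


def origin_leg_scheme(mode, visitor_scheme):
    """Scheme the edge uses to reach the origin for a given encryption mode."""
    if mode == "flexible":
        return "http"            # origin leg is never encrypted
    if mode in ("full", "full_strict"):
        return visitor_scheme    # HTTPS visitors are forwarded over HTTPS
    raise ValueError(f"unmodelled mode: {mode}")


def origin(scheme, host, path, force_https):
    """Origin web server; force_https mimics an HTTP->HTTPS redirect rule."""
    if force_https and scheme == "http":
        return 301, f"https://{host}{path}"
    return 200, None


def follow(visitor_scheme, mode, force_https=True, host="example.com", path="/"):
    """Follow redirects like a browser; return (outcome, [(visitor_scheme, status), ...])."""
    hops = []
    for _ in range(MAX_REDIRECTS):
        leg = origin_leg_scheme(mode, visitor_scheme)
        status, location = origin(leg, host, path, force_https)
        hops.append((visitor_scheme, status))
        if status == 200:
            return "ok", hops
        visitor_scheme = location.split("://", 1)[0]  # browser retries at Location
    return "too_many_redirects", hops


if __name__ == "__main__":
    for mode in ("flexible", "full"):
        outcome, hops = follow("http", mode)
        print(f"{mode:9} origin forces HTTPS -> {outcome} after {len(hops)} request(s)")
    outcome, _ = follow("http", "flexible", force_https=False)
    print(f"flexible  origin serves HTTP   -> {outcome}")
```

The last case shows why Flexible only works when the origin does not force HTTPS, which is the configuration the mode was meant for.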
Steps to Configure SSL/TLS on Cloudflare
Here are the steps to adjust your SSL/TLS settings on Cloudflare:
- Log in to your Cloudflare account.
- Navigate to the domain experiencing issues.
- Click on the SSL/TLS tab.
- In the Overview section, you'll find the SSL/TLS encryption mode. Select Full.
By setting the SSL/TLS encryption mode to Full, you're telling Cloudflare to connect to your origin server using HTTPS because it expects your server to have an SSL certificate.
Understanding Cloudflare's SSL/TLS Encryption Modes
Cloudflare offers four SSL/TLS encryption modes, each serving a different purpose based on your server's configuration and your specific needs. Here's what each option does:
Off: When this mode is selected, no SSL is applied to your traffic, and all connections are served over HTTP. This is not recommended for most sites, especially those handling sensitive data, as it does not provide any encryption or security.
Flexible: In this mode, traffic between your site's visitors and Cloudflare is secured, but traffic between Cloudflare and your server is not. This means that data is not encrypted for the entire journey and could be exposed if your server is compromised. This option is generally used when the server doesn't have an SSL certificate installed.
Full: This mode secures traffic between both your site's visitors and Cloudflare, and between Cloudflare and your server. However, it doesn't verify the certificate on your server, meaning it will accept any SSL certificate, even if it's expired or issued by an unrecognized certificate authority. This is a good option if you have an SSL certificate on your server but it's not from a recognized authority.
Full (Strict): This is the most secure option. It works similarly to the "Full" mode but also verifies the certificate on your server. This means that the SSL certificate on your server must be valid and issued by a recognized certificate authority. This option provides the highest level of security and is recommended if your server is equipped with a valid SSL certificate.
When using Cloudflare with a server configured for HTTPS (for example, when you've deployed certificates on your server using Certbot), it's advisable to use either the "Full" or "Full (Strict)" mode. This ensures that the traffic is encrypted throughout its entire journey, from the visitor's browser to your server, providing a secure and smooth browsing experience for your users.
Conclusion
In this article, we've seen how to solve the too many redirects error when using Cloudflare with Certbot. We've also seen how to configure SSL/TLS encryption modes on Cloudflare.