Redirect Loops Settings

SSL with CloudFlare and Really Simple SSL

If you are a CloudFlare user, there are a few things to consider when migrating to SSL. If you run into redirect loops when you use CloudFlare, and have activated Really Simple SSL, check if you have configured below settings correctly.

Page rules

In CloudFlare you have the option to define page rules. If this page rule redirects all requests to http, activating Really Simple SSL will result in CloudFlare forcing your site to http, and Really Simple SSL forcing your site to https. A redirect loop is the result. You can remove the page rule, or change it into a page rule to https.

SSL settings in CloudFlare

If you have your own certificate, you should select Full SSL. If you use the CloudFlare SSL option, choose flexible SSL. Not selecting the correct option might cause redirect loops.

If you are thinking “what is the difference between these options”, I have listed a quick description:

  • Flexible SSL means there is no secure connection between CloudFlare and your site, but the connection between the visitor and CloudFlare is secure
  • Full SSl means that both connections are secure, but the connection between CloudFlare and the website does not check if the website has a trusted certificate: self signed will do as well.
  • Full Strict SSL: most secure. Everything is secure, and the website needs it’s own trusted SSL certificate.

Read more here on CloudFlare

Make sure CloudFlare does not cache old data

When we migrate a CloudFlare website to SSL, we always start with turn development mode in CloudFlare on. When everything is ready, purge the cache, then turn off development mode.

If you have not purged CloudFlare cache, you might get mixed content on your site.

If you run into anything that is not covered here, please let me know!

Related Articles

14 Comments

  • Oxana N

    I had a redirect loop problem using Really Simple SSL and Cloudflare. I disabled both Enable WordPress 301 redirection to SSL and Enable 301 .htaccess redirect,

    I set SSL to Full at Cloudflare and it works,

    I’m not sure if I should enable these options again or Cloudflare will take care of it?

    What’s your advice?

    • Mark Wolters

      Hi Oxana,

      it looks like your set-up is fine. When using your own SSL certificate, Cloudflare SSL should be set to full. We recommend to use the .htaccess redirect since it’s the fastest. Your site seems to work fine at the moment so I wouldn’t change anything.

      Mark

  • Jason Koning

    Hi there,
    What’s the difference in CloudFlare SSL between Full & Full (strict)?
    I’m hosted at SiteGround & they told me to use Full (strict).
    Thoughts?
    Thanks,
    Jason

    • Rogier Lankhorst

      Full strict is the most secure option, but can only be used if you have a valid SSL certificate on your site. I have added a short description to the article, with a link to a more detailed explanation from CloudFlare.

      • Jason Koning

        Thanks Rogier,
        As an aside, I’m using iThemes Security Pro on my sites, & there is an option to enable SSL within it.
        https://i.imgur.com/uOM88X0.jpg
        I’m not 100% certain, but it seems to slow down the Dashboard significantly if I enable it.
        Any ideas? I realise it’s someone else’s plugin – so you may not have any experience with it.
        Thanks,
        Jason

        • Mark Wolters

          Hi Jason,

          I’m not sure what the iThemes plugin does when you enable SSL through it. For support on that, I’d suggest to contact iThemes.

          Mark

  • Amit Biswas

    I had a to many redirect loop problem. I just disabled Really Simple SSL. And the website is working. When I disabled Really Simple SSL plugins SSL not working on my https://www.animationvideo.co . Can you fix it? Or re-enable Simple SSL for me.

    Thanks You So Much
    Amit

    • Mark Wolters

      Hi Amit,

      to fix this you can look for other plugins and/or Cloudflare settings which are doing redirects. I’ve checked your site and it does redirects as follows:

      http://animationvideo.co
      301 Moved Permanently
      https://animationvideo.co/
      301 Moved Permanently
      http://www.animationvideo.co/
      301 Moved Permanently
      https://www.animationvideo.co/
      200 OK

      First there’s a redirect to https://, back to http://www and finally to https://www. When enabling Really Simple SSL this will add another redirect, thus causing a redirect loop. Most of the time these other redirects are being caused by another plugin or Cloudflare page rules. If you know what is causing the current redirects, you can disable these and activate Really Simple SSL again.

      Good luck and let me know if you have any other questions!

      Mark

  • ibrahimc

    I want to ask why we need Really simple SSL even Cloud flare has Automatic HTTPS Rewrites and Always use HTTPS options? I ask because I dont know.

    • Rogier Lankhorst

      You can always try if these options work for you. I don’t know what the rewrite feature technically does, if it only rewrites the domain of your website, or if it handles hot linked images and css and js scripts from other domains, and form endpoints etc as well. Additionally, I’m pretty sure these options won’t fix any mixed content coming from resource files, like background images in css files with http url’s. This kind of stuff is searched for the pro plugin.

  • Rajinder Verma

    Hey Rogier,
    Today(20th Nov. 2017) I have moved from http to https version of my website: https://www.geekguruji.com
    with cloudflare Flexible SSL certificate + Really Simple SSL WordPress plugin, but somehow i am finding redirect problem: redirected you too many times.
    Try clearing your cookies.
    ERR_TOO_MANY_REDIRECTS

    What i do now? Any help will be appreciated…

    • Mark Wolters

      Hi Rajinder,

      it seems your site is working properly now, do you still experience issues?

      Mark

Leave a Comment