Really Simple SSL

SSL with CloudFlare and Really Simple SSL

If you are a CloudFlare user, there are a few things to consider when migrating to SSL. If you run into redirect loops when you use CloudFlare, and have activated Really Simple SSL, check if you have configured below settings correctly.

Page rules

In CloudFlare you have the option to define page rules. If this page rule redirects all requests to http, activating Really Simple SSL will result in CloudFlare forcing your site to http, and Really Simple SSL forcing your site to https. A redirect loop is the result. You can remove the page rule, or change it into a page rule to https.

SSL settings in CloudFlare

If you have your own certificate, you should select Full SSL. If you use the CloudFlare SSL option, choose flexible SSL. Not selecting the correct option might cause redirect loops.

If you are thinking “what is the difference between these options”, I have listed a quick description:

  • Flexible SSL means there is no secure connection between CloudFlare and your site, but the connection between the visitor and CloudFlare is secure
  • Full SSl means that both connections are secure, but the connection between CloudFlare and the website does not check if the website has a trusted certificate: self signed will do as well.
  • Full Strict SSL: most secure. Everything is secure, and the website needs it’s own trusted SSL certificate.

Read more here on CloudFlare

Make sure CloudFlare does not cache old data

When we migrate a CloudFlare website to SSL, we always start with turn development mode in CloudFlare on. When everything is ready, purge the cache, then turn off development mode.

If you have not purged CloudFlare cache, you might get mixed content on your site.

If you run into anything that is not covered here, please let me know!



Related articles

20 Responses

  1. I had a redirect loop problem using Really Simple SSL and Cloudflare. I disabled both Enable WordPress 301 redirection to SSL and Enable 301 .htaccess redirect,

    I set SSL to Full at Cloudflare and it works,

    I’m not sure if I should enable these options again or Cloudflare will take care of it?

    What’s your advice?

    1. Hi Oxana,

      it looks like your set-up is fine. When using your own SSL certificate, Cloudflare SSL should be set to full. We recommend to use the .htaccess redirect since it’s the fastest. Your site seems to work fine at the moment so I wouldn’t change anything.


  2. Hi there,
    What’s the difference in CloudFlare SSL between Full & Full (strict)?
    I’m hosted at SiteGround & they told me to use Full (strict).

    1. Full strict is the most secure option, but can only be used if you have a valid SSL certificate on your site. I have added a short description to the article, with a link to a more detailed explanation from CloudFlare.

      1. Thanks Rogier,
        As an aside, I’m using iThemes Security Pro on my sites, & there is an option to enable SSL within it.
        I’m not 100% certain, but it seems to slow down the Dashboard significantly if I enable it.
        Any ideas? I realise it’s someone else’s plugin – so you may not have any experience with it.

    1. Hi Amit,

      to fix this you can look for other plugins and/or Cloudflare settings which are doing redirects. I’ve checked your site and it does redirects as follows:
      301 Moved Permanently
      301 Moved Permanently
      301 Moved Permanently
      200 OK

      First there’s a redirect to https://, back to http://www and finally to https://www. When enabling Really Simple SSL this will add another redirect, thus causing a redirect loop. Most of the time these other redirects are being caused by another plugin or Cloudflare page rules. If you know what is causing the current redirects, you can disable these and activate Really Simple SSL again.

      Good luck and let me know if you have any other questions!


    1. You can always try if these options work for you. I don’t know what the rewrite feature technically does, if it only rewrites the domain of your website, or if it handles hot linked images and css and js scripts from other domains, and form endpoints etc as well. Additionally, I’m pretty sure these options won’t fix any mixed content coming from resource files, like background images in css files with http url’s. This kind of stuff is searched for the pro plugin.

  3. Hey Rogier,
    Today(20th Nov. 2017) I have moved from http to https version of my website:
    with cloudflare Flexible SSL certificate + Really Simple SSL WordPress plugin, but somehow i am finding redirect problem: redirected you too many times.
    Try clearing your cookies.

    What i do now? Any help will be appreciated…

  4. HI; I have the ssl Https:// I also have a lock but there is a yellow triangle in front of it. It says not secure probably due to images. My site is brand new it has ASTRA as the theme and Elementor plug in. My site is . Is there anything you can do to help me.
    Thank You

    1. Hi Lonney,

      it seems your site does have the green lock now? Do you still experience issues? If so, try to clear the browser cache, that might solve your issue.


  5. I have setup clouldflare ssl certificate to my website :
    all the things working fine. i have create my own email id in cpanel it was successfully created and send mail to anyone . but i can’t receive email. anyone send me mail to that time show aunthanticated.
    help me.

    1. Hi,

      sounds like your server for incoming e-mail is not configured correctly. If you have created the e-mail in cPanel and use your hosters default servers, you can contact your hosting provider about this issue.


  6. Hi,
    I have installed SSL with cloudflare. but now my pinterest shared links have problem to open. it say site has redirects too many times. can you help to solve it please?

Leave a Reply

Join our mailing list - 8 Tips & Tricks in your inbox over the next 8 weeks!

Integrate with Really Simple SSL

Really Simple SSL offers a Free SSL Certificate from Let’s Encrypt. Do you want to integrate with Really Simple SSL as a hosting provider? Let us know!

Choose the answer that most closely resembles your proposed integration. Additional information can be entered below.
After sending the form. The pop-up will close automatically.