Can I temporarily disable LE on a Windows Server?

Hi:

First: Happy Holidays and a Happy New Year to all!

I've deployed Cloudflare on my site hosted on Windows Server recently, which had active, functional Let's Encrypt (LE) certificates running on it. Upon activation, anyone trying to access microsafe.com.br gets the error ERR_TOO_MANY_REDIRECTS.

Upon reading Cloudflare's documentation, it looks like they provide a Universal SSL certificate, and if my server is redirecting HTTP calls to HTTPS (which it is), this may be one of the culprits. It cites other SSL certificate issues as well that may cause this error in this article: ERR_TOO_MANY_REDIRECTS · Cloudflare SSL/TLS docs

My hosting provider, so far, has been unable to help me with this matter and I frankly don't have the expertise to research this issue on my own, even reading the article above.

So I'm wondering if there's an easy way to temporarily disable my LE certificates on my Windows Server host, in order to check if Cloudflare is really having issues with it. This looks like it could be a simple process that would give me a clue where the problem is. If it's indeed possible to do that, I would greatly appreciate step-by-step instructions on how to temporarily disable LE on my server and, later, reactivate it upon demand, because, as I've said, I really lack expertise to do that on my own.

Thanks in advance.

Please fill out the fields below so we can help you better. Note: you must provide your domain name to get help. Domain names for issued certificates are all made public in Certificate Transparency logs (e.g. crt.sh | example.com), so withholding your domain name here does not increase secrecy, but only makes it harder for us to provide help.

My domain is: www.microsafe.com.br

I ran this command: N/A

It produced this output: N/A

My web server is (include version): IIS 8.0

The operating system my web server runs on is (include version): Windows Server 2012

My hosting provider, if applicable, is: Mochahost.com

I can login to a root shell on my machine (yes or no, or I don't know): Yes

I'm using a control panel to manage my site (no, or provide the name and version of the control panel): No

The version of my client is (e.g. output of certbot --version or certbot-auto --version if you're using Certbot): N/A

That document mainly or only discusses HTTP -> HTTPS -> HTTP -> HTTPS and so forth redirect loops. But you have a HTTPS -> HTTPS -> HTTPS redirect loop, which is different.

Also, nowhere in the article does it state that you should remove the HTTPS certificates from the origin server, just the HTTPS redirect.

4 Likes

Are you using Flexible Mode in your Cloudflare Encryption Mode?

Because that would send requests to your Origin Server as HTTP. Your Origin server then looks like it is redirecting to HTTPS. The process repeats forever.

The Cloudflare community is probably a better place to discuss this configuration. Below are links for the Cloudflare setting I ask about, and its community.

curl -i http://www.microsafe.com.br

HTTP/1.1 301 Moved Permanently
Location: https://www.microsafe.com.br/
Server: cloudflare

=========

Following that Location to https gets a redirect 
But, it looks like it's from your Origin Server and not the Cloudflare Edge
(note the Copyright, x-powered-by, and the HTML body that did not appear above)

curl -i https://www.microsafe.com.br

HTTP/2 301
location: https://www.microsafe.com.br/
x-powered-by: ASP.NET
copyright: MicroSafe
server: cloudflare

<head><title>Document Moved</title></head>
<body><h1>Object Moved</h1>This document may be found <a HREF="https://www.microsafe.com.br/">here</a></body>

https://community.cloudflare.com/

6 Likes

It sounds like CF is connecting to your real server via HTTP.
Which will produce an HTTP to HTTPS redirect.
But since the client only connects to CF, it can never get CF to connect to your server via HTTPS and will get stuck in the endless loop.

5 Likes

As others have indicated, this question is probably better suited for the Cloudflare Community. It is worth noting that the most common cause of that redirection loop is the use of the insecure Flexible SSL mode. Switch your SSL mode to Full (Strict) in Cloudflare. Even if it doesn't fix your redirect loop, it is the only secure option.

6 Likes

I agree it was likely the Flexible mode but they got it working even before Rudy replied. Cheers

6 Likes
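The loop described in the replies above, as an added example that is not part of any post in this thread: a small Python model of the edge and the origin. The `origin`, `edge` and `follow` functions, the mode names and the origin's redirect rule are simplified assumptions for illustration, not Cloudflare or IIS code; only the host name comes from the thread.

```python
"""Toy model of the redirect loop in this thread (constructed, no real traffic)."""
from urllib.parse import urlsplit

HOST = "www.microsafe.com.br"  # domain taken from the thread


def origin(scheme_seen, path):
    """Assumed origin config: redirect anything that arrives over plain HTTP."""
    if scheme_seen == "http":
        return 301, f"https://{HOST}{path}"
    return 200, None


def edge(url, mode):
    """Simplified edge proxy; `mode` decides the scheme used toward the origin."""
    parts = urlsplit(url)
    path = parts.path or "/"
    if parts.scheme == "http":
        # Edge-level upgrade, like the first curl response quoted in the thread.
        return 301, f"https://{HOST}{path}", "edge"
    # Flexible: plain HTTP to the origin even though the visitor used HTTPS.
    # Full / Full (strict): HTTPS to the origin for an HTTPS visitor.
    to_origin = "http" if mode == "flexible" else "https"
    status, location = origin(to_origin, path)
    return status, location, "origin"


def follow(url, mode, max_hops=10):
    """Follow redirects like a browser would; return (outcome, hops)."""
    hops, seen = [], set()
    for _ in range(max_hops):
        status, location, source = edge(url, mode)
        hops.append((url, status, source))
        if status == 200:
            return "ok", hops
        if location == url or location in seen:
            return "loop", hops  # redirect points back at an already-requested URL
        seen.add(url)
        url = location
    return "too_many_redirects", hops


if __name__ == "__main__":
    for mode in ("flexible", "full_strict"):
        outcome, hops = follow(f"http://{HOST}", mode)
        print(mode, "->", outcome)
        for hop in hops:
            print("   ", *hop)
```

In the Flexible run the second hop is an origin-generated 301 whose Location equals the URL just requested, which matches the second curl response quoted earlier in the thread.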
