Err_too_many_redirects

jonxxon · February 7, 2023, 9:24pm

My domain is: jonsson.am www.jonsson.am

I ran this command: jonsson.am

It produced this output: ERR_TOO_MANY_REDIRECTS

My web server is (include version): nginx version: nginx/1.18.0

The operating system my web server runs on is (include version): Debian GNU/Linux 11

I can login to a root shell on my machine (yes or no, or I don't know): yes

I'm using a control panel to manage my site (no, or provide the name and version of the control panel): no

The version of my client is (e.g. output of certbot --version or certbot-auto --version if you're using Certbot): certbot 1.12.0

I have installed nginx, certbot. The only things (to my knowledge) that I have done to differ from an unmodified install is:

mkdir /var/www/jonsson 
echo "<h1>Hello World!</h1>" > /var/www/jonsson/index.html 
echo "server {
	listen 80 ;
	listen [::]:80 ;
	root /var/www/jonsson;
	index index.html index.htm ;
	server_name jonsson.am www.jonsson.am;
	location / {

		try_files $uri $uri/ =404;
	}
}" > /etc/nginx/sites-available/jonsson
ln -s /etc/nginx/sites-available/jonsson /etc/nginx/sites-enabled/jonsson
systemctl reload nginx
certbot --nginx
# default settings
systemctl reload nginx

I'd be grateful if you could offer some help. At present the server file (after certbot is finished with it) looks like this

server {


	root /var/www/jonsson;

	index index.html index.htm ;

	server_name jonsson.am www.jonsson.am;

	location / {
		try_files $uri $uri/ =404;
	}


    listen [::]:443 ssl ipv6only=on; # managed by Certbot
    listen 443 ssl; # managed by Certbot
    ssl_certificate /etc/letsencrypt/live/jonsson.am/fullchain.pem; # managed by Certbot
    ssl_certificate_key /etc/letsencrypt/live/jonsson.am/privkey.pem; # managed by Certbot
    include /etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot
    ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; # managed by Certbot


}

server {
    if ($host = www.jonsson.am) {
        return 301 https://$host$request_uri;
    } # managed by Certbot


    if ($host = jonsson.am) {
        return 301 https://$host$request_uri;
    } # managed by Certbot


	listen 80 ;
	listen [::]:80 ;

	server_name jonsson.am www.jonsson.am;
    return 404; # managed by Certbot


}

Please let me know if I should provide the DNS-records or anything else. It's the first time I try certbot; would be pleased if I could learn to use it for all projects.

_az · February 7, 2023, 9:28pm

Go to Cloudflare and set your SSL security setting to "Full (Strict)" instead of "Flexible".

The redirect is being caused by Cloudflare talking to your webserver over HTTP instead of HTTPS.

If you could upgrade your Certbot to 1.13.0 or newer that would help too, because that will make it possible for you to renew your certificate while having the "Full (Strict)" setting enabled. i.e. by following these instructions.

Bruce5051 · February 7, 2023, 9:29pm

Hello @jonxxon, welcome to the Let's Encrypt community.

Your redirection is in what seems to be an infinite loop

With curl

$ curl -Ii http://jonsson.am/.well-known/acme-challenge/sometestfile
HTTP/1.1 301 Moved Permanently
Date: Tue, 07 Feb 2023 21:28:34 GMT
Content-Type: text/html
Connection: keep-alive
Location: https://jonsson.am/.well-known/acme-challenge/sometestfile
CF-Cache-Status: DYNAMIC
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=81KeNEFXJkj6g7hawIj4Y1Q6uT%2BbPNFMTcMTCFqe4aZY4DcNXfw0z6RpW%2B7xyCGFRQvJC7wKhB%2BUNiUoJxMLgKthUEtbDYmyi3SgBSrOHotODR0HVQuNQTajIS8a"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Server: cloudflare
CF-RAY: 795f37504a6eef14-PDX
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400

$ curl -Ii http://jonsson.am
HTTP/1.1 301 Moved Permanently
Date: Tue, 07 Feb 2023 21:27:32 GMT
Content-Type: text/html
Connection: keep-alive
Location: https://jonsson.am/
CF-Cache-Status: DYNAMIC
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=ty7vU%2BRBRLZFRTfQEuX3s4gtGTul8xnFpHZQ6x7P%2Fj7U4Fyc%2BGbW%2Fr%2FHaJ3VJsG8hxdB9uLLCoeLo4vgVV0D%2FMw5fpptpl9xdiK3O33vbSbZzgxy6vkkSVyg4P3c"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Server: cloudflare
CF-RAY: 795f35c9295bef98-PDX
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400

Using this online tool https://www.redirect-checker.org/

system · March 9, 2023, 9:30pm

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.