Too many redirect with cloudflare

I have Linux ubuntu vps, Apache reverse proxy with Kestrel as upstream . I have installed Lets Encrypt on the apache. currently sites works without major issue related to SSL , however, when i try to use Cloudfare , I end up with Too many Redirect issue. I have checked , double checked, test , adjusted VHOST .. lost hair . Cried , and nothing really worked. I came cross a similar issue , at resolution was that Lets encrypt certificate might had be faulty .. even though i have use SSL checker and passed A+ but i have no more ideas. so i thought might be best to remove the certificate and reissue new one.
I like to know how i can safely remove ssl from linux and reissue new one .?
I was also told not to allow certbot modify my vhost ..
I used tutorial from digitalocean to generate SSL .

here is the vhost used for the site .

<VirtualHost *.*>
RequestHeader set "X-Forwarded-Proto" expr=%{REQUEST_SCHEME}
#Header set Content-Security-Policy "upgrade-insecure-requests"
<VirtualHost *:80>
#Redirect "/" ""
	DocumentRoot /var/www/solution/html

#       ProxyPreserveHost On
        ProxyPass / 
#        ProxyPassReverse /
#        ServerName
#        ServerAlias
#	ProxyRequests off

<Directory /var/www/solution/>
        Options FollowSymLinks
        AllowOverride None
        Require all granted
	ErrorLog ${APACHE_LOG_DIR}/error.log
	CustomLog ${APACHE_LOG_DIR}/access.log combined
RewriteEngine On
RewriteCond %{SERVER_NAME} [OR]
RewriteCond %{SERVER_NAME}
RewriteRule ^ https://%{SERVER_NAME}%{REQUEST_URI} [END,NE,R=permanent]
RewriteRule ^ https://%{SERVER_NAME}%{REQUEST_URI} [END,NE,R=301,L]
#RewriteCond %{REQUEST_URI} !^/\.well\-known/acme\-challenge/
#RewriteCond %{HTTPS} !=on
#RewriteCond %{HTTP:X-Forwarded-Proto} =http
#RewriteRule ^(.*)$ https://%{HTTP_HOST}$1 [R=301,L]
<IfModule mod_ssl.c>
<VirtualHost *:*>
RequestHeader set "X-Forwarded-Proto" expr=%{REQUEST_SCHEME}
#Header set Content-Security-Policy "upgrade-insecure-requests"

<VirtualHost *:443>
#RequestHeader set "X-Forwarded-Proto" expr=%{REQUEST_SCHEME}

	DocumentRoot /var/www/solution/html
	Protocols	h2 http/1.1
	ProxyPreserveHost On
        ProxyPass /  
        ProxyPassReverse / 
	ProxyRequests off
	#LogLevel info ssl:warn

	ErrorLog ${APACHE_LOG_DIR}/error.log
	CustomLog ${APACHE_LOG_DIR}/access.log combined
	SSLEngine on
	SSLProxyEngine on
	ProxyPreserveHost on
	#SSLCertificateFile /etc/cert/
	#SSLCertificateKeyFile /etc/cert/
	SSLCertificateFile /etc/letsencrypt/live/
	SSLCertificateKeyFile /etc/letsencrypt/live/
	Include /etc/letsencrypt/options-ssl-apache.conf
	Header always set Strict-Transport-Security "max-age=63072000"
SSLUseStapling On
SSLStaplingCache "shmcb:logs/ssl_stapling(32768)"

This part should be removed:

The loop is created because the originating HTTP request is handled by CF.
They redirect that to HTTPS.
Then all HTTPS requests are being proxied to your HTTP server.
Your HTTP vhost redirects them to HTTPS.
[but they were already using HTTPS]

The "fix" is in CF.


Check this post:


I have done that .. on CF , just turned proxy for DNS , I start to get too many redirects error . 3 weeks that im trying to fix this .. i do believe issue is from apache configuration , but there is nothing i can find that is out of documentation so far.

1 Like

Neither of the problems I'll describe are related to Let's Encrypt. You might be better off seeking help on a Cloudflare community forum or even Apache forum.

First, the DNS setting for your www subdomain is different than for your root name These should be the same

Second, some system is redirecting the HTTPS request back to HTTP. This should never happen and my Firefox browser reports this as a redirect that will never complete. I don't know if you have something set in your Cloudflare CDN proxy settings that does this. Or, whether maybe whatever you are proxying to in your Apache system is doing that. You didn't show what is handling the proxypass request to but you should check whatever that is.

The faulty redirect

curl -i
HTTP/2 301
cf-cache-status: DYNAMIC
server: cloudflare

Your faulty DNS

Address: 2606:4700:3034::6815:5796
Address: 2606:4700:3031::ac43:901c


Dose NS records are Cloudflare NS that needed to be setup to point to CF ..
I didn't know NS for www pointing to my IP address. i will try to look into , maybe this is reason for redirects.
Thanks for your help. will head to apache as CF community couldn't figure this on out..

1 Like

It looks like you disabled Cloudflare proxy on both your domain names now.

Are you still getting the redirect failure?

I see a Kestrel Server actively responding to HTTPS requests (HTTP handled by Apache)


Yes. I did disable it , when CF disabled i have access to my site .. when CF is on too many redirect issue and in Developer panel all files ends up with 302 redirect ...

If you want to use Cloudflare's proxy with a signed certificate, you must ensure that the SSL/TLS encryption mode is set to 'Full (strict)'. To do this, select SSL/TLS for the domain and change the mode; it will then work with proxy mode enabled

I have tried everything on CF.. problem starts when i proxy DNS . when that turned on ( orange cloud ) i get too many redirect after few minutes . i have checked my proxy server and there is nothing i can find that is wrong with its configuration .. I believe too many redirect happens due to kestrel that is my upstream application server , and proxy configuration on my end is based on MSDN tutorial.
at this point my site without CF is working . but having this issue when CF enabled , means configuration on my server has issue that i can not figure out.

1 Like

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.