Too many redirects after activating letsencrypt

Hello,
first, the form:

My domain is: chainsigma.com

I ran this command: sudo certbot --nginx -d chainsigma.com -d www.chainsigma.com

It produced this output: (worked fine)

My web server is (include version): nginx/1.14.2

The operating system my web server runs on is (include version): Debian

I can login to a root shell on my machine (yes or no, or I don't know): yes

I'm using a control panel to manage my site (no, or provide the name and version of the control panel): no

The version of my client is (e.g. output of certbot --version or certbot-auto --version if you're using Certbot): certbot 0.31.0

Before applying letsencrypt / without SSL, the website worked fine. After letsencrypt, my browser gives me the error message "Too many redirects", and this tool https://check-your-website.server-daten.de/?q=chainsigma.com also says that there is a loop.
However, I couldn't find an error in the sites-available/chainsigma.com file:

server {
    server_name chainsigma.com www.chainsigma.com;

    location = /favicon.ico { access_log off; log_not_found off; }
    location /static/ {
        root /home/user/chainsigmacom;
    }

    location / {
        include proxy_params;
        proxy_pass http://unix:/run/chainsigma_gunicorn.sock;
    }

    listen 443 ssl; # managed by Certbot
    ssl_certificate /etc/letsencrypt/live/chainsigma.com/fullchain.pem; # managed by Certbot
    ssl_certificate_key /etc/letsencrypt/live/chainsigma.com/privkey.pem; # managed by Certbot
    include /etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot
    ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; # managed by Certbot

}

server {
    if ($host = www.chainsigma.com) {
        return 301 https://$host$request_uri;
    } # managed by Certbot

    if ($host = chainsigma.com) {
        return 301 https://$host$request_uri;
    } # managed by Certbot

    listen 80;
    server_name chainsigma.com www.chainsigma.com;
    return 404; # managed by Certbot

}

Do you see how to fix this? Thanks in advance!

This can happen if you use Cloudflare and you configure Cloudflare to use "Flexible" mode for SSL (see End-to-end HTTPS with Cloudflare - Part 3: SSL options – Cloudflare Help Center).

If you change your SSL mode from "Flexible" to "Full" (or higher), it should stop looping.

Thanks. The only Cloudflare services I am using are nameservers (I registered the domain using sav.com, which uses Cloudflare by default).
Currently, the two nameservers are augustus.ns.cloudflare.com and laura.ns.cloudflare.com. So if I replace these by, for example, NS1.DNSOWL.COM and NS2.DNSOWL.COM, the problem should be gone?

Did you change this very recently? Because even (my local) 1.1.1.1 resolver cache is still reporting the Cloudflare IPs for your domain:

$ dig +noall +answer @1.1.1.1 chainsigma.com
chainsigma.com.         223     IN      A       104.21.14.124
chainsigma.com.         223     IN      A       172.67.158.228

and

$ curl -i chainsigma.com
HTTP/1.1 301 Moved Permanently
Date: Thu, 28 Jan 2021 00:50:57 GMT
Content-Type: text/html
Transfer-Encoding: chunked
Connection: keep-alive
Set-Cookie: __cfduid=d251e55d7e5ca10cb47980cbf36b91ae51611795056; expires=Sat, 27-Feb-21 00:50:56 GMT; path=/; domain=.chainsigma.com; HttpOnly; SameSite=Lax
Location: https://chainsigma.com/
CF-Cache-Status: DYNAMIC
cf-request-id: 07e811dfc000003775cc079000000001
Report-To: {"max_age":604800,"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report?s=ur4%2Bn3z3RU1x2Zpy3KYwYCTJt61haSQwnV1Czsu2fdwC0k3HiTuqeH7ikfKjAzfwh5uobQC%2B54zhjtGxGTorV2nFhXQUK9NpevEgS4hwdw%3D%3D"}],"group":"cf-nel"}
NEL: {"report_to":"cf-nel","max_age":604800}
Server: cloudflare
CF-RAY: 6186b8df988d3775-MEL

Of course, you are free to keep using Cloudflare, but disable the proxy/CDN functionality (by toggling off the "orange cloud" in your DNS records).

That will also get rid of the redirect loop. Once your DNS and browser catch up, anyway.

If you do move your DNS hosting to dnsowl.com, remember to create the zone and all the DNS records there. At the moment it reports NXDOMAIN for chainsigma.com.

Thanks, I just signed up for Cloudflare and toggled off the orange cloud - it works now!
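The loop discussed in this thread, as an added example that is not part of any post above: a small offline Python model of browser -> proxy edge -> origin, showing why "Flexible" mode loops against the certbot-generated port 80 redirect while "Full" (or the proxy switched off) does not. The function names and the simplified edge behaviour are assumptions made for illustration; the sample headers are a subset of the curl output quoted in the thread.

```python
from urllib.parse import urlsplit

def origin(scheme, host, path):
    """Origin as configured by certbot --nginx: port 80 redirects, port 443 serves."""
    if scheme == "http":
        return 301, f"https://{host}{path}"
    return 200, None

def edge(client_url, ssl_mode):
    """Simplified proxy edge (assumption): 'flexible' always fetches the origin
    over plain HTTP; any other mode reuses the scheme the client used."""
    u = urlsplit(client_url)
    upstream = "http" if ssl_mode == "flexible" else u.scheme
    return origin(upstream, u.hostname, u.path or "/")

def follow(url, ssl_mode, max_hops=10):
    """Follow redirects like a browser; return (status, urls_requested, looped)."""
    seen = []
    for _ in range(max_hops):
        if url in seen:              # same URL requested twice: redirect loop
            return 301, seen, True
        seen.append(url)
        status, location = edge(url, ssl_mode)
        if status != 301:
            return status, seen, False
        url = location
    return 301, seen, True

def via_cloudflare(raw_headers):
    """True if a `curl -i` header block shows the response came from the proxy."""
    headers = {}
    for line in raw_headers.splitlines()[1:]:   # skip the status line
        name, sep, value = line.partition(":")
        if sep:
            headers[name.strip().lower()] = value.strip().lower()
    return headers.get("server") == "cloudflare" or "cf-ray" in headers

# Subset of the response headers quoted in the thread.
SAMPLE = ("HTTP/1.1 301 Moved Permanently\n"
          "Location: https://chainsigma.com/\n"
          "Server: cloudflare\n"
          "CF-RAY: 6186b8df988d3775-MEL\n")

if __name__ == "__main__":
    for mode in ("flexible", "full"):
        print(mode, follow("http://chainsigma.com/", mode))
    print("proxied:", via_cloudflare(SAMPLE))
```

In "flexible" mode the HTTPS request is fetched from the origin over HTTP and receives the same 301 again, so the browser is sent back to the URL it just requested.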
