autoSSL and cloudflare SSL

oah

Well-Known Member
Jan 23, 2018
51
9
8
Iraq
cPanel Access Level
Website Owner
Hi
I am using the autoSSL offered by the WHM on my website, at the same-time I am using cloudflare as a reverse-proxy and it is offering me a free certificate (I am using the free plan). When I use the flexible option (shown in the fig below) which is supposed to serve the traffic from port 80 on my machine (the non-secured one) I keep getting redirect loops and my only solution for now is to bypass cloudflare.

So my question is how does the autoSSL work on the server, does this feature redirect all the traffic for port 80 traffic towards port 433 on the machine?


CF.PNG
 

ffeingol

Well-Known Member
PartnerNOC
Nov 9, 2001
631
207
343
cPanel Access Level
DataCenter Provider
Your answer is pretty much on the CloudFlare site: Troubleshooting redirect loop errors In our experience setting to Full or Full (Strict) will resolve the looping problem. The Let's Encrypt cert on your cPanel site is valid, so strict should be fine.

It really boils down to how your site handles redirection http to https and how well that interacts with CloudFlare (when you are on Flexible).
 

oah

Well-Known Member
Jan 23, 2018
51
9
8
Iraq
cPanel Access Level
Website Owner
Your answer is pretty much on the CloudFlare site: Troubleshooting redirect loop errors In our experience setting to Full or Full (Strict) will resolve the looping problem. The Let's Encrypt cert on your cPanel site is valid, so strict should be fine.

It really boils down to how your site handles redirection http to https and how well that interacts with CloudFlare (when you are on Flexible).
Hi @ffeingol
Thx for your reply, I was going to check CF after figuring out how the Auto SSL works on the cpanel. So to be more specific, when I create a new domain with AutoSSL enabled, with WHM's default settings, "will the traffic on my website be automatically redirected from http to https" on my machine, assume no Cloudflare".
 

ffeingol

Well-Known Member
PartnerNOC
Nov 9, 2001
631
207
343
cPanel Access Level
DataCenter Provider
We can't really answer that. I know that it can be done in cPanel (under Domains's). I can't remember if it can be forced on all sites a the WHM level. Even if neither of those were doing it, it's trivial to do with a .htaccess file and/or things like cPanel plugins. You have to look at your site(s) and see if they are redirecting to https if you request http. My guess is 'yes', as whats where "we" see this issue.
 

cPanelLauren

Product Owner
Staff member
Nov 14, 2017
13,296
1,271
313
Houston
You can add a mandatory redirect to https through the use of includes - I'd recommend adding an exception for the DCV check though if DNS is not hosted on the server for the domains. You can also force https through cPanel on a per-domain basis or for all domains in a cPanel account using a redirect rule in the .htaccess.
 

oah

Well-Known Member
Jan 23, 2018
51
9
8
Iraq
cPanel Access Level
Website Owner
Hi @cPanelLauren and @ffeingol , this is a follow up on the auto-ssl issue, I simply set cloudflare option to "Full" and everything started to work. Thank you guys :)
So to re-cap:

1- For some reason all the domains on my machine are not answering http requests and my initial work around was to by-pass cloudflare and have the requests go to the machine (even if I issue http to a domain, I was getting https answer with "cpanel issued certificate").

2- The problem manifested itself when I set cloudflare to "flexible" apparently the "http requests from CF to my machine were not getting answered" I confirmed that with curl as I got 503 error.

3- So it was clear to I have to use the "full" option.

Everything works now, but I am yet to find why my newly created domains on the machine don't answer http requets they just redirect it and serve https instead (I am open to any diagnostic suggestions).

Hope this helps.
Thx.
O.